Implementing Availability State Transition Model to Quantify Risk Factor
In the IT era, every organization depends on computers and the internet for its daily routine work. A major objective of an information security policy is to ensure that information is always available to support critical business processing. It is a great challenge to develop secure software that meets its requirements and satisfies the security requirements, i.e. Confidentiality, Integrity, and Availability (CIA), against identified risks. To protect sensitive data, a session-creation mechanism is used, which is helpful in reducing denial-of-service attacks. In this paper, a methodology is proposed and validated to assess availability risk at the design level using methods and classes.
Keywords: Class Hierarchy, Class Increase, Sensitive Class, Safe Class, Session Method