Advertisement

Implementing Availability State Transition Model to Quantify Risk Factor

  • Shalini Chandra
  • Raees Ahmad Khan
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (volume 167)

Abstract

In IT era, every organization is depends on computer and internet for its daily routine works. A major objective of an information security policy is to ensure that information is always available to support critical business processing. This is a great challenge to develop secure software to meet its requirements and to satisfy security requirements i.e. Confidentiality, Integrity, and Availability (CIA) against identified risks. To prevent sensitive data, creating session mechanism is used which is helpful in reducing denial of service attack. In this paper, a methodology has been proposed and validated to assess the availability risk at design level using methods and classes.

Keywords

Class Hierarchy Class Increase Sensitive Class Safe Class Session Method 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
  2. 2.
    Evesti, A., Niemela, E., Henttonen, K., Palviainen, M.: A Tool Chain for Quality-driven Software Architecting. In: IEEE International Software Product Line Conference (2008)Google Scholar
  3. 3.
    Madan, B.B., Goševa-Popstojanova, K., Vaidyanathan, K., Trivedi, K.S.: A method for modeling and quantifying the security attributes of intrusion tolerant systems. An International Journal of Performance Evaluation 56, 167–186 (2004)CrossRefGoogle Scholar
  4. 4.
    Chandra, S., Khan, R.A.: Availability State Transition Model. ACM SIGSOFT Software Engineering Notes 36(3), 1–3 (2011)CrossRefGoogle Scholar
  5. 5.
    Leangsuksun, C., Shen, L., Liu, T., Song, H., Scott, S.L.: Dependability Prediction of High Availability OSCAR Cluster Server. In: The 2003 International Conference on Parallel and Distributed Processing Techniques and Applications (PDPTA 2003), Las Vegas, Nevada, USA, June 23-26 (2003)Google Scholar
  6. 6.
    Muppala, J., Ciardo, G., Trivedi, K.S.: Stochastic Reward Nets for Reliability Prediction. Communications in Reliability, Maintainability and Serviceability: An International Journal published by SAE International 1(2), 9–20 (1994)Google Scholar
  7. 7.
    Jansen, W.: Directions in Security Metrics Research. National Institute of standards and technology, NISTR 7564 (March 2009)Google Scholar
  8. 8.
    Deng, Y., Wang, J., Tsai, J.J.P.: Formal Analysis of Software Security System Architectures. In: Proceedings of International Symposium on Autonomous Decentralized Sytems, Dallas, TX, USA, March 26-28, pp. 426–434 (2001)Google Scholar
  9. 9.
    Chandra, S., Khan, R.A., Agrawal, A.: Software Security Factors in Design Phase. In: Prasad, S.K., Routray, S., Khurana, R., Sahni, S. (eds.) ICISTM 2009. CCIS, vol. 31, pp. 339–340. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  10. 10.
    Chandra, S., Khan, R.A.: Software Security Metric Identification Framework (SSM). In: Proceedings of International Conference on Advances in Computing, Communication and Control (ICAC3 2009), Mumbai, Maharastra, India, January 23-24, pp. 725–731. ACM (2009)Google Scholar
  11. 11.
    Sabelfeld, A., Myers, A.C.: Language-Based Information-Flow Security. IEEE Journal on Selected Areas in Communications, special issue on Formal Methods for Security 21(1), 5–19 (2003)Google Scholar
  12. 12.
    Corporate Information Security Working Group, Report of the Best Practices and Metrics Teams Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census Government Reform Committee, United States House of Representative, November 17 (2004) (Revised January 10, 2005) Google Scholar
  13. 13.
    Mustafa, K., Khan, R.A.: Quality Metric Development Framework(qMDF). Journal of Computer Science 1(3), 437–444 (2005)CrossRefGoogle Scholar
  14. 14.
    Bansiya, J., Davis, C.G.: A Hierarchical Model for Object-Oriented Design Quality Assessment. IEEE Transaction on Software Engineering 28(1), 4–17 (2002)CrossRefGoogle Scholar
  15. 15.
    More Never Again IV, The availability digest (February 2010), http://www.availabilitydigest.com/public_articles/0502/more_never_agains_4.pdf
  16. 16.
    Chandra, S., Khan, R.A.: Confidentiality Checking an Object-Oriented Class Hierarchy. Network Security 2010(3), 16–20 (2010)CrossRefGoogle Scholar
  17. 17.
    Chandra, S., Khan, R.A.: A Methodology to Check Integrity of a Class Hierarchy. International Journal of Recent Trends in Engineering, Academy 2(4), 83–85 (2009)Google Scholar
  18. 18.
    Cardoso: Process control-flow complexity metric: An empirical validation. In: IEEE International Conference on Services Computing, IEEE SCC 2006, 18-22 September, pp. 167–173. IEEE Computer Society (2006)Google Scholar

Copyright information

© Springer-Verlag GmbH Berlin Heidelberg 2012

Authors and Affiliations

  • Shalini Chandra
    • 1
  • Raees Ahmad Khan
    • 1
  1. 1.Department of Information TechnologyBBA UniversityLucknowIndia

Personalised recommendations