Towards Automatic Risk Analysis and Mitigation of Software Applications - Information Security Theory and Practice Access content directly
Conference Papers Year : 2016

Towards Automatic Risk Analysis and Mitigation of Software Applications

Leonardo Regano
  • Function : Author
  • PersonId : 1023195
Politecnico di Torino = Polytechnic of Turin
Daniele Canavese
  • Function : Author
  • PersonId : 1023196
Politecnico di Torino = Polytechnic of Turin
Cataldo Basile
  • Function : Author
  • PersonId : 1023197
Politecnico di Torino = Polytechnic of Turin
Alessio Viticchié
  • Function : Author
  • PersonId : 1023198
Politecnico di Torino = Polytechnic of Turin
Antonio Lioy
  • Function : Author
  • PersonId : 1023199
Politecnico di Torino = Polytechnic of Turin

Abstract

This paper proposes a novel semi-automatic risk analysis approach that not only identifies the threats against the assets in a software application, but it is also able to quantify their risks and to suggests the software protections to mitigate them. Built on a formal model of the software, attacks, protections and their relationships, our implementation has shown promising performance on real world applications. This work represents a first step towards a user-friendly expert system for the protection of software applications.

Domains

Computer Science [cs]
Fichier principal
Vignette du fichier
421627_1_En_8_Chapter.pdf (185.52 Ko) Télécharger le fichier
Origin : Files produced by the author(s)

Hal Ifip  : Connect in order to contact the contributor

https://inria.hal.science/hal-01639603

Submitted on : Monday, November 20, 2017-2:53:36 PM

Last modification on : Tuesday, November 30, 2021-2:32:02 PM

Long-term archiving on: Wednesday, February 21, 2018-2:25:59 PM

Download

Dates and versions

hal-01639603 , version 1 (20-11-2017)

Licence

Attribution

Identifiers

Cite

Leonardo Regano, Daniele Canavese, Cataldo Basile, Alessio Viticchié, Antonio Lioy. Towards Automatic Risk Analysis and Mitigation of Software Applications. 10th IFIP International Conference on Information Security Theory and Practice (WISTP), Sep 2016, Heraklion, Greece. pp.120-135, ⟨10.1007/978-3-319-45931-8_8⟩. ⟨hal-01639603⟩

Export

BibTeX XML-TEI Dublin Core DC Terms EndNote DataCite

Collections

IFIP-LNCS IFIP IFIP-TC IFIP-TC11 IFIP-WISTP IFIP-WG11-2 IFIP-LNCS-9895
142 View
112 Download

Altmetric

Share

Gmail Facebook X LinkedIn More