%0 Conference Proceedings
%T Towards Automatic Risk Analysis and Mitigation of Software Applications
%+ Politecnico di Torino = Polytechnic of Turin (Polito)
%A Regano, Leonardo
%A Canavese, Daniele
%A Basile, Cataldo
%A Viticchié, Alessio
%A Lioy, Antonio
%Z Part 3: Attacks to Software and Network Systems
%< peer-reviewed
%( Lecture Notes in Computer Science
%B 10th IFIP International Conference on Information Security Theory and Practice (WISTP)
%C Heraklion, Greece
%Y Sara Foresti
%Y Javier Lopez
%I Springer International Publishing
%3 Information Security Theory and Practice
%V LNCS-9895
%P 120-135
%8 2016-09-26
%D 2016
%R 10.1007/978-3-319-45931-8_8
%K Software protection
%K Software risk analysis
%K Software attacks
%Z Computer Science [cs]Conference papers
%X This paper proposes a novel semi-automatic risk analysis approach that not only identifies the threats against the assets in a software application, but is also able to quantify their risks and to suggest the software protections to mitigate them. Built on a formal model of the software, attacks, protections and their relationships, our implementation has shown promising performance on real world applications. This work represents a first step towards a user-friendly expert system for the protection of software applications.
%G English
%Z TC 11
%Z WG 11.2
%2 https://inria.hal.science/hal-01639603/document
%2 https://inria.hal.science/hal-01639603/file/421627_1_En_8_Chapter.pdf
%L hal-01639603
%U https://inria.hal.science/hal-01639603
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-TC
%~ IFIP-TC11
%~ IFIP-WISTP
%~ IFIP-WG11-2
%~ IFIP-LNCS-9895