Towards Automatic Risk Analysis and Mitigation of Software Applications

Abstract: This paper proposes a novel semi-automatic risk analysis approach that not only identifies the threats against the assets in a software application, but is also able to quantify their risks and to suggest the software protections to mitigate them. Built on a formal model of the software, attacks, protections and their relationships, our implementation has shown promising performance on real-world applications. This work represents a first step towards a user-friendly expert system for the protection of software applications.
Document type:
Conference paper
Sara Foresti; Javier Lopez. 10th IFIP International Conference on Information Security Theory and Practice (WISTP), Sep 2016, Heraklion, Greece. Springer International Publishing, Lecture Notes in Computer Science, LNCS-9895, pp.120-135, 2016, Information Security Theory and Practice. 〈10.1007/978-3-319-45931-8_8〉

Cited literature [19 references]

https://hal.inria.fr/hal-01639603
Contributor: Hal Ifip
Submitted on: Monday 20 November 2017 - 14:53:36
Last modified on: Monday 20 November 2017 - 14:56:13
Document(s) archived on: Wednesday 21 February 2018 - 14:25:59

File

Restricted access
File visible on: 2019-01-01


License


Distributed under a Creative Commons Attribution 4.0 International License


Citation

Leonardo Regano, Daniele Canavese, Cataldo Basile, Alessio Viticchié, Antonio Lioy. Towards Automatic Risk Analysis and Mitigation of Software Applications. Sara Foresti; Javier Lopez. 10th IFIP International Conference on Information Security Theory and Practice (WISTP), Sep 2016, Heraklion, Greece. Springer International Publishing, Lecture Notes in Computer Science, LNCS-9895, pp.120-135, 2016, Information Security Theory and Practice. 〈10.1007/978-3-319-45931-8_8〉. 〈hal-01639603〉


Metrics

Record views

203