Security based survivability risk analysis with extended HQPN

Hyunsang Youn; Cheolhyun Park; Eunseok Lee

doi:10.1145/1968613.1968644

Security based survivability risk analysis with extended HQPN

Hyunsang Youn
, Cheolhyun Park
, Eunseok Lee

Sungkyunkwan University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

3 Scopus citations

Abstract

Analysis of software survivability in the early development phase is very important to validate and specify software architecture. Specifically, quantitative evaluation of survivability is very useful to determine the architecture and to estimate the risk. The risk factor can be quantified as a combination of the probability that a software system may be failed through security threat and the severity of the damages caused by the attack. In this paper, we devise a methodology for analysis of risk factor which originates from violations of security goal. We elaborate Extended Hierarchically combined Queueing Petri Nets (E-HQPN) to estimate the survival failure probability with regard to attack and combines it with the severity of the failure consequence obtained using the Functional Failure Analysis. We apply the methodology on the development of an e-business application using step-bystep approach.

Original language	English
Title of host publication	Proceedings of the 5th International Conference on Ubiquitous Information Management and Communication, ICUIMC 2011
Publisher	Association for Computing Machinery
ISBN (Electronic)	9781450305716
DOIs	https://doi.org/10.1145/1968613.1968644
State	Published - 21 Feb 2011
Externally published	Yes
Event	5th International Conference on Ubiquitous Information Management and Communication, ICUIMC 2011 - Seoul, Korea, Republic of Duration: 21 Feb 2011 → 23 Feb 2011

Publication series

Name	ACM International Conference Proceeding Series

Conference

Conference	5th International Conference on Ubiquitous Information Management and Communication, ICUIMC 2011
Country/Territory	Korea, Republic of
City	Seoul
Period	21/02/11 → 23/02/11

Keywords

E-HQPN
Security risk
Security threat
Survivability

Access to Document

10.1145/1968613.1968644

Cite this

@inproceedings{ccec1ad2ffd84d3e99bfeb1d9afd97a8,

title = "Security based survivability risk analysis with extended HQPN",

abstract = "Analysis of software survivability in the early development phase is very important to validate and specify software architecture. Specifically, quantitative evaluation of survivability is very useful to determine the architecture and to estimate the risk. The risk factor can be quantified as a combination of the probability that a software system may be failed through security threat and the severity of the damages caused by the attack. In this paper, we devise a methodology for analysis of risk factor which originates from violations of security goal. We elaborate Extended Hierarchically combined Queueing Petri Nets (E-HQPN) to estimate the survival failure probability with regard to attack and combines it with the severity of the failure consequence obtained using the Functional Failure Analysis. We apply the methodology on the development of an e-business application using step-bystep approach.",

keywords = "E-HQPN, Security risk, Security threat, Survivability",

author = "Hyunsang Youn and Cheolhyun Park and Eunseok Lee",

note = "Publisher Copyright: {\textcopyright} 2011 Association for Computing Machinery. All rights reserved.; 5th International Conference on Ubiquitous Information Management and Communication, ICUIMC 2011 ; Conference date: 21-02-2011 Through 23-02-2011",

year = "2011",

month = feb,

day = "21",

doi = "10.1145/1968613.1968644",

language = "English",

series = "ACM International Conference Proceeding Series",

publisher = "Association for Computing Machinery",

booktitle = "Proceedings of the 5th International Conference on Ubiquitous Information Management and Communication, ICUIMC 2011",

}

Youn, H, Park, C & Lee, E 2011, Security based survivability risk analysis with extended HQPN. in Proceedings of the 5th International Conference on Ubiquitous Information Management and Communication, ICUIMC 2011., 25, ACM International Conference Proceeding Series, Association for Computing Machinery, 5th International Conference on Ubiquitous Information Management and Communication, ICUIMC 2011, Seoul, Korea, Republic of, 21/02/11. https://doi.org/10.1145/1968613.1968644

Security based survivability risk analysis with extended HQPN. / Youn, Hyunsang; Park, Cheolhyun; Lee, Eunseok.
Proceedings of the 5th International Conference on Ubiquitous Information Management and Communication, ICUIMC 2011. Association for Computing Machinery, 2011. 25 (ACM International Conference Proceeding Series).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Security based survivability risk analysis with extended HQPN

AU - Youn, Hyunsang

AU - Park, Cheolhyun

AU - Lee, Eunseok

PY - 2011/2/21

Y1 - 2011/2/21

N2 - Analysis of software survivability in the early development phase is very important to validate and specify software architecture. Specifically, quantitative evaluation of survivability is very useful to determine the architecture and to estimate the risk. The risk factor can be quantified as a combination of the probability that a software system may be failed through security threat and the severity of the damages caused by the attack. In this paper, we devise a methodology for analysis of risk factor which originates from violations of security goal. We elaborate Extended Hierarchically combined Queueing Petri Nets (E-HQPN) to estimate the survival failure probability with regard to attack and combines it with the severity of the failure consequence obtained using the Functional Failure Analysis. We apply the methodology on the development of an e-business application using step-bystep approach.

AB - Analysis of software survivability in the early development phase is very important to validate and specify software architecture. Specifically, quantitative evaluation of survivability is very useful to determine the architecture and to estimate the risk. The risk factor can be quantified as a combination of the probability that a software system may be failed through security threat and the severity of the damages caused by the attack. In this paper, we devise a methodology for analysis of risk factor which originates from violations of security goal. We elaborate Extended Hierarchically combined Queueing Petri Nets (E-HQPN) to estimate the survival failure probability with regard to attack and combines it with the severity of the failure consequence obtained using the Functional Failure Analysis. We apply the methodology on the development of an e-business application using step-bystep approach.

KW - E-HQPN

KW - Security risk

KW - Security threat

KW - Survivability

UR - https://www.scopus.com/pages/publications/79956035577

U2 - 10.1145/1968613.1968644

DO - 10.1145/1968613.1968644

M3 - Conference contribution

AN - SCOPUS:85185563598

T3 - ACM International Conference Proceeding Series

BT - Proceedings of the 5th International Conference on Ubiquitous Information Management and Communication, ICUIMC 2011

PB - Association for Computing Machinery

T2 - 5th International Conference on Ubiquitous Information Management and Communication, ICUIMC 2011

Y2 - 21 February 2011 through 23 February 2011

ER -

Security based survivability risk analysis with extended HQPN

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this