Open Access Open Access  Restricted Access Subscription or Fee Access

The Network Security Assessment Instrument to Reduce Software Security Risk

N. Prasanna Balaji, U. Sreenivasulu, Ganji pramod

Abstract


The network security assessment instrument is a comprehensive set of tools that can be used individually or collectively to ensure the security of network aware software applications and systems. Using the various tools collectively provide a distinct advantage for assuring the security of software and systems.Each tool’s resulting output provides feedback into the other tools.Thus more comprehensive assessment results are attained through the leverage each tool provides to the other when the are employed in concert. This project presents a portion of a research project on the generation of the network security assessment instrument to aid developers in assessing and assuring the security of software in the development and maintenance lifecycles.

The portion, the flexible modeling Framework (FMF), has promise in the areas of network security as well as other critical areas such as system safety.

Software Security is a major concern due to the risk to both controlled and no controlled systems from potential lost or corrupted data, theft of information, and unavailability of systems, especially mission critical systems, 

This research examines formal verification of IT security of
network aware software and systems through the creation of a security assessment instrument for the software development and maintenance life cycle.
The network security assessment instrument is composed of 5 parts:
1. A Vulnerability Matrix
2. Additional Security Assessment Tools (SATs)
3. A Property Based Testing (PBT) Tool, and
4. A Flexible Modeling Framework (FMF)
5. A Software Security Checklist
The vulnerability contains vulnerability descriptions and the code used to exploit them.
The SATs are a collection of tools available to test for potential weaknesses of software code. The PBT tool performs formal verification of properties at the code level. Like the PBT tool, the FMF formally verifies properties over the system.
The FMF performs this action at the abstract level when code may or may not yet exist.

The SSC will provide software code developers with another instrument for writing secure code for network aware applications


Keywords


Additional Security Assessment Tools (SATs), Flexible Modeling Framework (FMF), Property Based Testing (PBT) Tool, Software Security Checklist (SSC), and Vulnerability Matrix.

Full Text:

PDF

References


An Input–Output Measurable Design For The Security Meter Model To Quantify And Manage Software Security Risk Mehmet Sahinoglu, Senior Member, Ieee, IEEE Transactions On Instrumentation And Measurement,Vol. 57, No. 6, June 2008

Systematic Security Analysis for Service-Oriented Software Architectures, Yanguo (Michael) Liu, Issa Traore, Department of Electrical and Computer Engineering, University of Victoria, BC,Canada, IEEE International Conference on e Business Engineering 0-7695-3003-6/07 $25. 00 © 2007 IEEE

A Danger Theory Inspired Multi-agent Fusion Model for Network Security, Assessment, ZhenYu Zhou, JianJing Shen, XinPeng Zhang,College of Science, Information Engineering University, 450001 ZhengZhou, China, Third International Conference on Natural Computation (ICNC 2007)

Network Security Assessment - An Important Task In Distribution Systems With Dispersed Generation, 20th International Conference On Electricity Distribution, Prague, 8 11 June 2009

R. Weaver, Guide to Network Defense and Countermeasures, 2nd ed. Washington, DC: Thomson, 2007. (Managing Risk in Secure Systems), Spring Cluster 2008.

NASA, NASA Procedural Requirements, Physical Security Vulnerability Risk Assessments, Document NPR 1620. 2, expires Jul. 15, 2009.

C. R. Pandian, Applied Software RiskManagement—A Guide for Software Project Managers. Boca Raton, FL: Auerbach, 2007.

M. Sahinoglu, Trustworthy Computing—Analytical and QuantitativeEngineering Evaluation. Hoboken, NJ: Wiley, Aug. 2007.

M. Y. Liu, I. Traore, “Quantitative Security Analysis for Service Oriented Software Architecture”, Technical Report No. ECE-07-5, University of Victoria, ECE Department, PO Box 3055 STN CSC, Victoria, BC,Canada, May 2007.

M. Y. Liu, I. Traore, “Complexity Measures for Secure Service-Oriented Software Architectures”, in Proc. of 3rd International Workshop on Predictor Models in Software Engineering (PROMISE 2007), May 20, 2007, Minneapolis, Minnesota, USA, In Conjunction with 29th Int. Conf. on Software Engineering (ICSE).

T. Keil, J. Jager, A. Shustov, Th. Degner, 2007, "Changing network conditions due to distributed generation - Systematic review and analysis of their impacts on protection, control and communication systems",Proceedings ClRED 1gth Int. Conference on Electricity Distribution,Vienna, Austria .

R. Krebs, J. Jager, G. Ziegler, 2008, "Venneidung kaskadierender,Schutzauslosungen", 9. GMA/ETG Fachtagung, Miinchen, Germany.

A Danger Theory Inspired Multi-agent Fusion Model for Network Security Assessment, ZhenYu Zhou; JianJing Shen; XinPeng Zhang;,Natural Computation, 2007. ICNC 2007.

Network security assessment - An important task in distribution systems with dispersed generation, Jager, Johann; Keil, Timo; Dienstbier,Andreas; Lund, Per; Krebs, Rainer; Electricity Distribution, 2009 20th International Conference and Exhibition on 8-11 June 2009

Network-security measures for highly loaded power systems, Krebs, R.;Wache, M.;Power & Energy Society General Meeting, 2009. PES '09.IEEE, 26-30 July 2009.

A Network Security Evaluation Model based on Common Criteria,Xiao-Hua Wu; Jian-Pin Li; Wang Yao; Apperceiving Computing and Intelligence Analysis, 2008. ICACIA 2008. International Conference on 13-15 Dec. 2008

A Composite Network Security Assessment, Kondakci, S.; Information Assurance and Security, 2008. ISIAS '08. Fourth International Conference on 8-10 Sept. 2008

Future distribution systems with dispersed generation will require network security measures as transmission systems of today, Krebs, R.; Lerch, E.; Ruhle, O.; Gal, S.; Lazar, F.; Paunescu, D.; Power and Energy Society General Meeting - Conversion and Delivery of Electrical Energy in the 21st Century, 2008 IEEE 20-24 July 2008

Network Security Assessment Based on Fuzzy Sets and Rough Sets, Li,Rui; Yang, Yi; Wireless Communications, Networking and Mobile Computing, 2009. WiCom '09. 5th International Conference on 24-26 Sept. 2009

Study of Rough Set and Clustering Algorithm in Network Security Management Qu Zhiming; Wang Xiaoli; Networks Security, Wireless Communications and Trusted Computing, 2009. NSWCTC '09.International Conference on Volume 1, 25 26 April 2009.

Vision 2020: Blackout prevention by combined protection and network security assessment Krebs, R.; Lerch, E.; Ruhle, O.; Gal, S.; Lazar, F.;Paunescu, D.; Power and Energy Society General Meeting - Conversion and Delivery of Electrical Energy in the 21st Century, 2008 IEEE 20-24 July 2008

A Quantitative Evaluation Model for Network Security Man, Dapeng;Yang, Wu; Yang, Yongtian; Wang, Wei; Zhang, Lejun; Computational Intelligence and Security, 2007 International Conference on 15-19 Dec.2007

Support vector machines for on-line security analysis of power systems Cortes-Carmona, M.; Jimenez-Estevez, G.; Guevara-Cedeno, J.;Transmission and Distribution Conference and Exposition: Latin America, 2008 IEEE/PES 13-15 Aug. 2008

P. Danzig, J. Mogul, V. Paxson, and M. Schwartz. Acmsigcomm: The internet traffic archive, Apr. 2008.

S. Kondakci. A new assessment and improvement model of risk propagation in information security. Int. J. Information and Computer Security, 1(3):341–366, 2007.

S. Kondakci. Remote security evaluation agent for the RSEP protocol. In Int. Conf. on Security of Information and Networks, volume 1, pages 186–195. Trafford Pub., 2007.

Sourceforge. The network simulator ns-2, Apr. 2008.

Turner. The internet traffic generator, Apr. 2008.

Lerch, E.; Ruhle, O.; Kerin, U.: DSA-Visualisation, monitoring and ranking of dynamic behaviour. IFAC, 2. -6. July 2007, Seoul, Korea

R. Krebs, E. Lerch, O. Ruhle, “Blackout prevention by dynamic security assessment after severe fault conditions” Protection and Substation Automation of Modern EHV Power Systems, Cheboksary, Moscow,Russia, Sep. 9-12, 2007.

Chacraborty, P.; Ganjavi, M. -R.; Krebs, R.: Blackout prevention by protection and dynamic network security assessment after severe fault situations. 4th Int. Conf. on Power System Protection and Automation, 21.- 22- Nov. 2007, New Delhi, India.


Refbacks

  • There are currently no refbacks.


Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.