International Journal On Cyber Situational Awareness (IJCSA)
ISSN: (Print) 2057-2182 ISSN: (Online) 2057-2182
Published Semi-annually. Est. 2014
Dr Cyril Onwubiko, Chair – Cyber Security & Intelligence, E-Security Group, Research Series, London, UK; IEEE UK & Ireland Section Secretary
Professor Frank Wang, Head of School / Professor of Future Computing, Chair IEEE Computer Society, UK&RI, School of Computing, University of Kent, Canterbury, UK
Dr Thomas Owens, Senior Lecturer & Director of Quality, Department of Electronic and Computer Engineering, Brunel University, London, UK
Attack Simulation based Software Protection Assessment Method with Petri Net
Gaofeng Zhang, Paolo Falcarin, Elena Gómez-Martínez, Shareeful Islam, Christophe Tartary, Bjorn De Sutter and Jérôme d’Annoville
Software protection is an essential aspect of information security to withstand malicious activities on software, and preserving valuable software assets. However, software developers still lack an effective methodology for the assessment of deployed protections, especially in the area of mobile applications. To solve these issues, we present a novel attack simulation based software protection assessment method to evaluate and compare different protection solutions. Our solution relies on Petri Nets to specify and visualize attack models of mobile applications. We developed a Monte Carlo based approach to simulate attacking processes and to deal with the uncertainty. Then, based on this simulation, a novel protection comparison model is proposed to compare different protection solutions. Finally, our attack simulation based software protection assessment method is presented. We illustrate our method by means of a case study process to demonstrate that our approach can provide a suitable software protection assessment for developers and software companies.
Keywords: Mobile Software Security; Software Protection Assessment; Attack Simulation; Monte Carlo Method; Petri Net
Volume 1. No. 1
Date: Nov. 2016
Reference to this paper should be made as follows: Zhang, G., Falcarin, P., Gómez-Martínez, E., Islam, S., Tartary, C., De Sutter, B., & d’Annoville, J. (2016). Attack Simulation based Software Protection Assessment Method with Petri Net. International Journal on Cyber Situational Awareness, Vol. 1, No. 1, pp152-181.