Abstract

Khaled Mahar
Threat-Driven Modeling Framework for Secure Software Using Aspect-Oriented Stochastic Petri Nets
Design-level vulnerabilities are a main source of security risks in software. A great deal of software is designed in an ad hoc fashion. To improve the reliability of software design, this paper presents a modified threat-driven modeling framework, to determine which threats require mitigation and how to mitigate the threats. To specify the functions and threat mitigations of a security design as a whole, aspect-oriented stochastic Petri nets are used as a formal amplified model. Moreover, this paper proposes an adapted augmented approach to define software security metrics based on vulnerabilities included in the software systems and their impacts on software quality. The Common Vulnerability Scoring System (CVSS), a vulnerability scoring system designed to provide a standardized method for rating software vulnerabilities, is used as the basis in the metric definition and calculations. Furthermore, a case study is detailed, which shows the essence and feasibility of using aspect-oriented stochastic Petri net models for threat modeling and that the proposed security metrics are consistent with common practice.