セキュリティパッチによる保守を伴うソフトウェアシステムに対するセキュリティ評価(ソフトウェアの信頼性,信頼性理論,信頼性一般)

Presentation	2010-05-28 Security evaluation of software system with security patch maintenance Masataka TOKUZANE, Hiroyuki OKAMURA, Tadashi DOHI,
PDF Download Page	PDF download Page Link
Abstract(in Japanese)	(See Japanese page)
Abstract(in English)	This paper proposes software security criterion based on a stochastic model. Especially we consider the software system with maintenance by security patches. A well-known queueing model is applied to modeling the relationship between the discoveries of security holes and security patch releases. Based on the queueing model, we formulate the security reliability which in the probability of no security failure occurrence during a specific time period. In numerical examples, we present the security evaluation based on our model and real software vulnerability data.
Keyword(in Japanese)	(See Japanese page)
Keyword(in English)	software security / security reliability / non-homogeneous Poisson process / queueing model
Paper #	R2010-16
Date of Issue

Paper Information
Registration To	Reliability(R)
Language	JPN
Title (in Japanese)	(See Japanese page)
Sub Title (in Japanese)	(See Japanese page)
Title (in English)	Security evaluation of software system with security patch maintenance
Sub Title (in English)
Keyword(1)	software security
Keyword(2)	security reliability
Keyword(3)	non-homogeneous Poisson process
Keyword(4)	queueing model
1st Author's Name	Masataka TOKUZANE
1st Author's Affiliation	Department of Information Engineering, Graduate School of Engineering, Hiroshima University()
2nd Author's Name	Hiroyuki OKAMURA
2nd Author's Affiliation	Department of Information Engineering, Graduate School of Engineering, Hiroshima University
3rd Author's Name	Tadashi DOHI
3rd Author's Affiliation	Department of Information Engineering, Graduate School of Engineering, Hiroshima University
Date	2010-05-28
Paper #	R2010-16
Volume (vol)	vol.110
Number (no)	62
Page	pp.pp.-
#Pages	6
Date of Issue