Modeling and quantitatively predicting software security based on stochastic Petri nets

To quantitatively predict software security in the design phase, hierarchical software security modeling and evaluation methods are proposed based on Stochastic Petri Nets (SPNs). Hierarchical methods mitigate the state‐space explosion problem in SPNs. An isomorphic Markov Chain (MC) is obtained from the component SPN model. The security prediction value is calculated based on the probability distribution of the MC in the steady state. A sensitivity analysis method is proposed through evaluating the derivative of the security evaluation prediction equation. It provides a means to identify and trace back to the critical components for security enhancing. Security prediction and sensitivity analysis in the design phase provide the possibility to investigate and compare different solutions to the target system before realization. A case study shows the applicability and feasibility of our method.