A methodology for architecture-level reliability risk analysis

Yacoub, Sherif M.; Ammar, H.H.

doi:10.1109/tse.2002.1010058

Cited by 133 publications

(107 citation statements)

References 28 publications

Supporting

Mentioning

104

Contrasting

Unclassified

Order By: Relevance

“…Researchers [31,32] are accepting these selection of linear scale values for the severity classes. The damage may be classified into different classes as mentioned above or it may be quantified into money value, whatever the analyst feels better.…”

Section: Method-level Failure Modes and Effect Analysismentioning

confidence: 99%

Prioritizing Program Elements: A Pretesting Effort to Improve Software Quality

Ray

Mohapatra

2012

ISRN Software Engineering

View full text Add to dashboard Cite

Improving the efficiency of a testing process is a challenging task. Prior work has shown that often, a small number of bugs account for the majority of the reported software failures; and often, most bugs are found in a small portion of the source code of a program. First, prioritizing the code elements according to their criticality and then conducting testing, will promote to reveal the important bugs at the early phase of testing. Keeping it in view, we propose an efficient test effort prioritization method that give a chance to the tester to focus more on the parts of the source code that are highly influenced towards the system failures or in which, the failures have high impact on the system. We consider five important factors such as influence towards system failures, average execution time, structural complexity, severity, and business value associated with a component and estimates the criticality of the component within a system. We have experimentally proved that our proposed test effort prioritization approach is effective in revealing important bugs at the early phase of testing as it is linked to external measure of defect severity and business value, internal measure of frequency, complexity, and coupling.

show abstract

Section: Method-level Failure Modes and Effect Analysismentioning

confidence: 99%

Prioritizing Program Elements: A Pretesting Effort to Improve Software Quality

Ray

Mohapatra

2012

ISRN Software Engineering

View full text Add to dashboard Cite

show abstract

“…In a security C&A process, our probabilistic risk assessment is motivated by the following needs to: 1) Make the process of risk assessment more explicit and systematic to support better decisions under uncertainty; 2) Make risk assessment techniques be based on probabilistic metrics that can be evaluated systematically with little involvement of subjective measures from domain experts [34]; 3) Classify the relevant risk components and map their causal relationships to concepts in the domain-specific taxonomies of threats, assets, vulnerabilities, and countermeasures modeled in the PDO; 4) Use BBN to represent and model uncertainty among dependability requirements in C&A process then, analyze causal relationships and impacts qualitatively and quantitatively among different risk components; and 5) Automatically generate BBN according to the given risk assessment scenarios. Also, our probabilistic risk assessment approach has the following benefits: 1) Different stakeholders can have an explicit and common understanding of the risk assessment process and the decision rationale; 2) Every phase of risk assessment process is arguable and can be re-evaluated based on the common understanding; and 3) Simulation is possible through sensitivity analysis to show how different risk components are related to and impacted by each other.…”

Section: A Motivations and Benefitsmentioning

confidence: 99%

Probabilistic Risk Assessment for Security Requirements: A Preliminary Study

Lee

2011

2011 Fifth International Conference on Secure Software Integration and Reliability Improvement

View full text Add to dashboard Cite

-Risk assessment is a critical decision making process during the Security Certification and Accreditation (C&A) process. However, existing infrastructure-wide C&A processes in real world are challenged by the ever increasing complexity of information systems and their diverse socio-technical operational environments. The lack of an explicit model and the associated uncertainties of software behavior are two main reasons that directly impact the effectiveness of risk assessment as well as the subjective decisions made based on the different level of domain expertise. In this paper, we propose a method for a probabilistic modeldriven risk assessment on security requirements. The security requirements and their causal relationships are represented using MEBN (Multi-Entities Bayesian Networks) logic that constructs an explicit formal risk assessment model that supports evidence-driven arguments. The proposed approach is described by using real-world C&A scenarios to show not only its feasibility for security requirements risk assessment but also its effectiveness for the sensitivity analysis to identify critical influences among information entities in a complex and uncertain operational environment.

show abstract

“…In large hierarchical systems, a system is composed of several subsystems, which in turn, are composed of components. The system risk is an aggregate of individual component risk factors [10,18]. Risk = frequency × severity (11)…”

Section: Software Component Risk Assessmentsmentioning

confidence: 99%

“…For example, assuming that the frequency of failure for each line code is 10 -5 per year, the frequency of failure for a 1000 lines code component is computed to be about 0.01 per year. This estimating method was adopted by other researchers as well [10]. For the companies that are using shrink-wrapped software in which the LOC is not known, other…”

Section: Frequency Of Failurementioning

confidence: 99%

“…The Software Engineering Institute (SEI) deals with software risk on a high/medium/low (H/M/L) basis. Some researchers [9,10] used quantitative factors such as complexity factors, connection factors, and severity indices for the estimation of software risk. The more complex the software is, the higher the probability that it will have faults.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Genetic algorithm based software integration with minimum software risk

Long

Jones

Yang

2006

Information and Software Technology

View full text Add to dashboard Cite

Abstract. This paper investigates an approach of integrating software with a minimum risk using Genetic Algorithms (GA). The problem was initially proposed by the need of sharing common software components among various departments within a same organization. Two significant contributions have been made in this study: (1) an assimilation exchange based software integration approach is proposed; (2) the software integration problem is formulated as a search problem and solved by using a GA. A case study is based on an on-going software integration project carried out in the Derbyshire Fire Rescue Service, and used to illustrate the application of the approach.

show abstract

A methodology for architecture-level reliability risk analysis

Cited by 133 publications

References 28 publications

Prioritizing Program Elements: A Pretesting Effort to Improve Software Quality

Prioritizing Program Elements: A Pretesting Effort to Improve Software Quality

Probabilistic Risk Assessment for Security Requirements: A Preliminary Study

Genetic algorithm based software integration with minimum software risk

Contact Info

Product

Resources

About