Attack Simulation based Software Protection Assessment Method with Petri Net

Software protection is an essential aspect of information security to withstand malicious activities on software, and preserving valuable software assets. However, software developers still lack an effective methodology for the assessment of deployed protections, especially in the area of mobile applications. To solve these issues, we present a novel attack simulation based software protection assessment method to evaluate and compare different protection solutions. Our solution relies on Petri Nets to specify and visualize attack models of mobile applications. We developed a Monte Carlo based approach to simulate attacking processes and to deal with the uncertainty. Then, based on this simulation, a novel protection comparison model is proposed to compare different protection solutions. Finally, our attack simulation based software protection assessment method is presented. We illustrate our method by means of a case study process to demonstrate that our approach can provide a suitable software protection assessment for developers and software companies.