Web of Science: 3 citations, Scopus: 6 citations, Google Scholar: citations
Automating risk analysis of software design models
Frydman, Maxime (Universitat Autònoma de Barcelona. Departament d'Arquitectura de Computadors i Sistemes Operatius)
Ruiz, Guifré (OpenWeb Application Security Project (USA))
Heymann Pignolo, Elisa (Universitat Autònoma de Barcelona. Departament d'Arquitectura de Computadors i Sistemes Operatius)
César Galobardes, Eduardo (Universitat Autònoma de Barcelona. Departament d'Arquitectura de Computadors i Sistemes Operatius)
Miller, Barton P. (University of Wisconsin. Computer Sciences Department)

Date: 2014
Abstract: The growth of the internet and networked systems has exposed software to an increased amount of security threats. One of the responses from software developers to these threats is the introduction of security activities in the software development lifecycle. This paper describes an approach to reduce the need for costly human expertise to perform risk analysis in software, which is common in secure development methodologies, by automating threat modeling. Reducing the dependency on security experts aims at reducing the cost of secure development by allowing non-security-aware developers to apply secure development with little to no additional cost,making secure development more accessible. To automate threat modeling two data structures are introduced, identification trees and mitigation trees, to identify threats in software designs and advise mitigation techniques, while taking into account specification requirements and cost concerns. These are the components of our model for automated threat modeling, AutSEC. We validated AutSEC by implementing it in a tool based on data flow diagrams, from theMicrosoft security development methodology, and applying it to VOMS, a grid middleware component, to evaluate our model's performance.
Note: Número d'acord de subvenció MINECO/TIN2011-24384
Rights: Aquest document està subjecte a una llicència d'ús Creative Commons. Es permet la reproducció total o parcial, la distribució, la comunicació pública de l'obra i la creació d'obres derivades, fins i tot amb finalitats comercials, sempre i quan es reconegui l'autoria de l'obra original. Creative Commons
Language: Anglès.
Document: article ; recerca ; publishedVersion
Subject: Computer Security ; Models Theoretical ; Risk Assessment ; Software Design
Published in: The Scientific World Journal, Vol. 2014 (June 2014) , art. 805856, ISSN 1537-744X

DOI: 10.1155/2014/805856
PMID: 25136688


13 p, 1.9 MB

The record appears in these collections:
Articles > Research articles
Articles > Published articles

 Record created 2019-04-24, last modified 2019-07-21



   Favorit i Compartir