Threat-Driven Design and Analysis of Secure Software Architectures

Cited by: 0
Authors
Xu, Dianxiang [1]
Pauli, Joshua J. [1, 2]
Affiliations
[1] North Dakota State Univ, Dept Comp Sci, IACC 258, Fargo, ND 58105 USA
[2] Dakota State Univ, Coll Business & Informat Syst, Madison, SD 57042 USA
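Keywords
Software architecture; security; threat modeling; use case; misuse case
DOI
Not available
Chinese Library Classification number
TP [Automation Technology, Computer Technology]
Subject classification code
0812
Abstract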
Computer software is a major source of security risks in information systems. To deal with software security issues in the early stages of software development, this paper presents a threat-driven approach to the architectural design and analysis of secure software. Based on the identification and mitigation of security threats as misuse use cases, we leverage use cases, misuse cases, and mitigation use cases to design architectural components and their connections for candidate architectures. We then analyze whether or not candidate architectures are resistant to the identified security threats and what constraints must be imposed on the choices of system implementation. This provides a smooth transition from requirements specification to high-level design and greatly improves the traceability of security concerns in high assurance software systems. We demonstrate our approach through two case studies; one on a hospital information system and one on a payroll information system.
Pages: 171 - 180
Page count: 10