Threat Modeling for Security Failure-Tolerant Requirements

被引:1
|
作者
Shin, Michael [1 ]
Dorbala, Swetha [1 ]
Jang, Dongsoo [1 ]
机构
[1] Texas Tech Univ, Dept Comp Sci, Lubbock, TX 79409 USA
来源
2013 ASE/IEEE INTERNATIONAL CONFERENCE ON SOCIAL COMPUTING (SOCIALCOM) | 2013年
关键词
threat modeling; threat point; security point; use case model; security failure-tolerant requirements;
D O I
10.1109/SocialCom.2013.89
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
This paper describes an approach to modeling security threats to applications and to deriving security failure-tolerant requirements from the threats. This paper assumes that unbreakable core security services for applications, such as authentication, access control, cryptosystem, or digital signature, are broken all the time in a real-world setting. The UML use case model for application requirements is analyzed to model security threats to the system in terms of threat points at which each threat is described using a structured template. This paper also derives security failure-tolerant requirements from the threats at threat points, and the requirements are modeled by means of security failure-tolerant use cases separately from application use cases in the use case model. A security failure-tolerant use case is extended from an application use case at a security point. The Internet banking application is used to illustrate the proposed approach.
引用
收藏
页码:594 / 599
页数:6
相关论文
共 50 条
  • [41] MEDICALHARM: A threat modeling designed for modern medical devices and a comprehensive study on effectiveness, user satisfaction, and security perspectives
    Kwarteng, Emmanuel
    Cebe, Mumin
    INTERNATIONAL JOURNAL OF INFORMATION SECURITY, 2024, 23 (03) : 2225 - 2268
  • [42] Eliciting Security Requirements - An Experience Report
    Trentinaglia, Roman
    Merschjohann, Sven
    Fockel, Markus
    Eikerling, Hendrik
    REQUIREMENTS ENGINEERING: FOUNDATION FOR SOFTWARE QUALITY, REFSQ 2023, 2023, 13975 : 351 - 365
  • [43] Identifying Security Requirements Hybrid Technique
    Gandotra, Vandana
    Singhal, Archana
    Bedi, Punam
    2009 FOURTH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING ADVANCES (ICSEA 2009), 2009, : 407 - 412
  • [44] Automated Security Test Generation with Formal Threat Models
    Xu, Dianxiang
    Tu, Manghui
    Sanford, Michael
    Thomas, Lijo
    Woodraska, Daniel
    Xu, Weifeng
    IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2012, 9 (04) : 526 - 540
  • [45] A threat model-based approach to security testing
    Marback, Aaron
    Do, Hyunsook
    He, Ke
    Kondamarri, Samuel
    Xu, Dianxiang
    SOFTWARE-PRACTICE & EXPERIENCE, 2013, 43 (02): : 241 - 258
  • [46] A Hybrid Threat Model for Software Security Requirement Specification
    Omotunde, Habeeb
    Ibrahim, Rosziati
    2016 INTERNATIONAL CONFERENCE ON INFORMATION SCIENCE AND SECURITY (ICISS), 2014, : 56 - 59
  • [47] Machine Learning Security: Threat Model, Attacks, and Challenges
    Koball, Carson
    Wang, Yong
    Rimal, Bhaskar P.
    Vaidyan, Varghese
    COMPUTER, 2024, 57 (10) : 26 - 35
  • [48] ANTI-FORENSIC THREAT MODELING
    Hoelz, Bruno
    Maues, Marcelo
    ADVANCES IN DIGITAL FORENSICS XIII, 2017, 511 : 169 - 183
  • [49] Threat Modeling for Breaking of CAPTCHA System
    Suvarna, Divya
    Pathak, Sujata
    INTELLIGENT COMPUTING, INFORMATION AND CONTROL SYSTEMS, ICICCS 2019, 2020, 1039 : 94 - 104
  • [50] Threat modeling - A systematic literature review
    Xiong, Wenjun
    Lagerstrom, Robert
    COMPUTERS & SECURITY, 2019, 84 : 53 - 69