Knowledge-enriched security and privacy threat modeling

Laurens Sion, Koen Yskout, D. Landuyt, W. Joosen
DOI: 10.1145/3183440.3194975 (https://doi.org/10.1145/3183440.3194975)
Published in: Proceedings of the 40th International Conference on Software Engineering: Companion Proceedings
Publication date: 2018-05-27
Citations: 1

Abstract

Creating secure and privacy-protecting systems entails the simultaneous coordination of development activities along three different yet mutually influencing dimensions: translating (security and privacy) goals to design choices, analyzing the design for threats, and performing a risk analysis of these threats in light of the goals. These activities are often executed in isolation, and such a disconnect impedes the prioritization of elicited threats, the assessment of which threats are sufficiently mitigated, and decision-making in terms of which risks can be accepted. In the proposed TMaRA approach, we facilitate the simultaneous consideration of these dimensions by integrating support for threat modeling, risk analysis, and design decisions. Key risk assessment inputs are systematically modeled and threat modeling efforts are fed back into the risk management process. This enables prioritizing threats based on their estimated risk, thereby providing decision support in the mitigation, acceptance, or transferral of risk for the system under design.