{"title":"Towards an Enhanced Design Level Security: Integrating Attack Trees with Statecharts","authors":"O. Ariss, Jianfei Wu, Dianxiang Xu","doi":"10.1109/SSIRI.2011.11","DOIUrl":null,"url":null,"abstract":"Software security has become more and more critical as we increasingly depend on the Internet, an untrustworthy computing environment. Software functionality and security are tightly related to each other; vulnerabilities due to design errors, inconsistencies, incompleteness, and missing constraints in system specifications can be wrongly exploited by security attacks. These two concerns, however, are often handled separately. In this paper we present a threat-driven approach that improves the quality of software through the realization of a more secure functional model. The approach introduces systematic transformation rules and integration steps for mapping attack tree representations into lower-level dynamic behavior, then integrates this behavior into statechart-based functional models. Through the focus on both the functional and threat behavior, software engineers can introduce, clearly define and understand security concerns as software is designed. To identify vulnerabilities, our approach then applies security analysis and threat identification to the integrated model.","PeriodicalId":224250,"journal":{"name":"2011 Fifth International Conference on Secure Software Integration and Reliability Improvement","volume":"9 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 Fifth International Conference on Secure Software Integration and Reliability Improvement","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SSIRI.2011.11","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Towards an Enhanced Design Level Security: Integrating Attack Trees with Statecharts
Software security has become more and more critical as we increasingly depend on the Internet, an untrustworthy computing environment. Software functionality and security are tightly related to each other; vulnerabilities due to design errors, inconsistencies, incompleteness, and missing constraints in system specifications can be wrongly exploited by security attacks. These two concerns, however, are often handled separately. In this paper we present a threat-driven approach that improves the quality of software through the realization of a more secure functional model. The approach introduces systematic transformation rules and integration steps for mapping attack tree representations into lower-level dynamic behavior, then integrates this behavior into statechart-based functional models. Through the focus on both the functional and threat behavior, software engineers can introduce, clearly define and understand security concerns as software is designed. To identify vulnerabilities, our approach then applies security analysis and threat identification to the integrated model.