Proceedings of the 13th European Conference on Software Architecture - Volume 2 2019
DOI: 10.1145/3344948.3344995
|View full text |Cite
|
Sign up to set email alerts
|

Inspection guidelines to identify security design flaws

Katja Tuma
1
,
Danial Hosseini
2
,
Kyriakos Malamas
3
et al.

Abstract: Recent trends in the software development practices (Agile, De-vOps, CI) have shortened the development life-cycle causing the need for efficient security-by-design approaches. In this context, software architectures are analyzed for potential vulnerabilities and design flaws. Yet, design flaws are often documented with natural language and require a manual analysis, which is inefficient. Besides low-level vulnerability databases (e.g., CWE, CAPEC) there is little systematized knowledge on security design flaw… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1

Citation Types

0
4
0

Year Published

2019
2019
2023
2023

Publication Types

Select...
5

Relationship

1
4

Authors

Journals

citations
Cited by 7 publications
(4 citation statements)
references
References 19 publications
(32 reference statements)
0
4
0
Order By: Relevance
“…Four case studies are discussed in [10] using a strategic, system-wide architectural approach, implemented as a security framework. Guidelines are proposed to detect security design flaws in [31]. Both of them lack an automatic process as well.…”
Section: Related Workmentioning
confidence: 99%

An Asset-Based Assistance for Secure by Design

Messe
1
,
Belloir
2
,
Chiprianov
3
et al. 2020
2020 27th Asia-Pacific Software Engineering Conference (APSEC)
2
0
0
0
View full textAdd to dashboardCite
“…Four case studies are discussed in [10] using a strategic, system-wide architectural approach, implemented as a security framework. Guidelines are proposed to detect security design flaws in [31]. Both of them lack an automatic process as well.…”
Section: Related Workmentioning
confidence: 99%

An Asset-Based Assistance for Secure by Design

Messe
1
,
Belloir
2
,
Chiprianov
3
et al. 2020
2020 27th Asia-Pacific Software Engineering Conference (APSEC)
2
0
0
0
View full textAdd to dashboardCite
“…This work is based on the catalog of security design flaws proposed by Malamas and Hosseini [6] (and later re-evaluated by Tuma et al [14]). We briefly summarize the contents and origin of this catalog, and zoom into a single security design flaw, namely "Insecure Data Exposure", which is used extensively throughout this paper.…”
Section: Security Design Flawsmentioning
confidence: 99%
“…Another resource from MITRE is CAPEC [5] which provides this information from an attacker perspective. Finally, the issues of similar flaws (Section V-B) have led Tuma et al [14] to do a re-evaluation of the security catalog and they suggest several improvements to reduce overlap between the flaws. While the above catalogs provide an extensive set of issues to identify, applying that knowledge a concrete application's design model requires translating this knowledge to practical detection rules, linked to a suitable system description that supports automatic assessment.…”
Section: Related Workmentioning
confidence: 99%
See 1 more Smart Citation

Towards Automated Security Design Flaw Detection

Sion
1
,
Tuma
2
,
Scandariato
3
et al. 2019
2019 34th IEEE/ACM International Conference on Automated Software Engineering Workshop (ASEW)
Self Cite
12
0
0
0
View full textAdd to dashboardCite
show abstract

Automatic Security-Flaw Detection Replication and Comparison

Berger,
Plump
2023
2023 ACM/IEEE 26th International Conference on Model Driven Engineering Languages and Systems (MODELS)
0
0
0
0
View full textAdd to dashboardCite
scite logo

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Product
Browser ExtensionAssistant by sciteCitation Statement SearchReference CheckVisualizationsDashboardsExplore JournalsExplore OrganizationsExplore FundersEmbedding BadgeEmbedding Citation SearchPricing
Resources
BlogHelp & FAQAccessibility StatementAPI TermsFor Universities & GovernmentsFor ResearchersFor PublishersFor Corporate, Pharma & EnterpriseAuthor MarketingBecome an AffiliateGet an organization trial or quotescite Data & Services
About
News & PressCareersRead our PaperCoverage

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

BlogTerms and ConditionsAPI TermsPrivacy PolicyContactCookie PreferencesDo Not Sell or Share My Personal Information

Copyright © 2024 scite LLC. All rights reserved.

Made with 💙 for researchers

Part of the Research Solutions Family.