Modeling Security Threat Patterns to Derive Negative Scenarios

Abe, Tatsuya; Hayashi, Shinji; Saeki, Motoshi

doi:10.1109/apsec.2013.19

Cited by 13 publications

(7 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Empirical evidence of threat analysis performance indicators is a crucial piece of the puzzle. First, such evidence supports security experts in understanding the trade-offs between the myriad of existing threat analysis techniques (e.g., STRIDE [42], CORAS [28], attack trees [35], threat patterns [1], PASTA [52], etc.). Second, favourable performance indicators would result in cost saving for organizations where security experts are scarce.…”

mentioning

confidence: 70%

A replication of a controlled experiment with two STRIDE variants

Mbaka¹,

Tuma²

2022

Preprint

View full text Add to dashboard Cite

To avoid costly security patching after software deployment, securityby-design techniques (e.g., STRIDE threat analysis) are adopted in organizations to root out security issues before the system is ever implemented. Despite the global gap in cybersecurity workforce and the high manual effort required for performing threat analysis, organizations are ramping up threat analysis activities. However, past experimental results were inconclusive regarding some performance indicators of threat analysis techniques thus practitioners have little evidence for choosing the technique to adopt. To address this issue, we replicated a controlled experiment with STRIDE. Our study was aimed at measuring and comparing the performance indicators (productivity and precision) of two STRIDE variants (element and interaction). We conclude the paper by comparing our results to the original study. CCS CONCEPTS• Software and its engineering; • General and reference → Empirical studies;

show abstract

mentioning

confidence: 70%

A replication of a controlled experiment with two STRIDE variants

Mbaka¹,

Tuma²

2022

Preprint

View full text Add to dashboard Cite

show abstract

“…Finally, the work of [114] presents a technique to model threat patterns which can be used for threat identification in business process models. The technique is based on the transformation of normal scenarios, captured by UML sequence diagrams, to negative scenarios where a threat can be realised by a mis-actor using a threat pattern rule.…”

Section: Risk Management At Business Process Modelsmentioning

confidence: 99%

Implementation and Design of Secure Business Process Models Based on Organisational Goals

Patrick

2022

Preprint

View full text Add to dashboard Cite

Business processes are essential instruments used for the coordination of organisational activities in order to produce value in the form of products and services. Information security is an important non-functional characteristic of business processes due to the involvement of sensitive data exchanged between their participants. Therefore, potential security shortfalls can severely impact organisational reputation, customer trust and cause compliance issues. Nevertheless, despite its importance, security is often considered as a technical concern and treated as an afterthought during the design of information systems and the business processes which they support. The consideration of security during the early design stages of information systems is highly beneficial. Goal-oriented security requirements engineering ap- proaches can contribute to the early elicitation of system requirements at a high level of abstraction and capture the organisational context and rationale behind design choices. Aligning such requirements with process activities at the operational level augments the traceability between system models of different abstraction levels and leads to more robust and context-aware operationalisations of security. Therefore, there needs to be a well-defined and verifiable interconnection between a system’s security requirements and its business process models. This work introduces a framework for the design of secure business process models. It uses security-oriented goal models as its starting point to capture a socio-technical view of the system to-be and its security requirements during its early design stages. Concept mappings and model transformation rules are also introduced as a structured way of extracting business process skeletons from such goal models, in order to facilitate the alignment between the two different levels of abstraction. The extracted business process skeletons, are refined to complete business process models through the use of a set of security patterns, which standardise proven solutions to recurring security problems. Finally, the framework also offers security verification capabilities of the produced process models through the introduction of security-related attributes and model checking algorithms. Evaluation of this work is performed: (i) through individual evaluation of its components via their application in real-life systems, (ii) a workshop-based modelling exercise where participants used and evaluated parts of the framework and (iii) a case study from the public administration domain where the overall framework was applied in cooperation with stakeholders of the studied system. The evaluation indicated that the developed framework provides a structured approach which supports stakeholders in designing and evaluating secure business process models.

show abstract

“…Therefore, we consider existing literature that makes use of knowledge base (threat catalogs, vulnerability data bases, etc.) [1,2,4,7,18] to perform such analysis as related work. We refer the interested reader to a systematic literature review [20] for a more detailed list of knowledge-based threat analysis techniques.…”

Section: Related Workmentioning

confidence: 99%

“…Knowledge reuse is an important factor that can help raise the efficiency. For instance, previous work ( [2,4,22], to cite a few) has made use of publicly available records of low-level security vulnerabilities, such as CAPEC 1 , CVE 2 , CWE 3 to semi-automate the security analysis of systems. On the level of software architecture, Garcia et al [9] introduce a catalog of architectural bad smells specified with UML diagrams.…”

mentioning

confidence: 99%

Inspection guidelines to identify security design flaws

Tuma

Hosseini

Malamas

et al. 2019

Proceedings of the 13th European Conference on Software Architecture - Volume 2

View full text Add to dashboard Cite

Recent trends in the software development practices (Agile, De-vOps, CI) have shortened the development life-cycle causing the need for efficient security-by-design approaches. In this context, software architectures are analyzed for potential vulnerabilities and design flaws. Yet, design flaws are often documented with natural language and require a manual analysis, which is inefficient. Besides low-level vulnerability databases (e.g., CWE, CAPEC) there is little systematized knowledge on security design flaws. The purpose of this work is to provide a catalog of security design flaws and to empirically evaluate the inspection guidelines for detecting security design flaws. To this aim, we present a catalog of 19 security design flaws and conduct empirical studies with master and doctoral students. This paper contributes with: (i) a catalog of security design flaws, (ii) an empirical evaluation of the inspection guidelines with master students, and (iii) a replicated evaluation with doctoral students. We also account for the shortcomings of the inspection guidelines and make suggestions for their improvement with respect to the generalization of guidelines, catalog re-organization, and format of documentation. We record similar precision, recall, and productivity in both empirical studies and discuss the potential for automating the security design flaw detection.

show abstract

Modeling Security Threat Patterns to Derive Negative Scenarios

Cited by 13 publications

References 14 publications

A replication of a controlled experiment with two STRIDE variants

A replication of a controlled experiment with two STRIDE variants

Implementation and Design of Secure Business Process Models Based on Organisational Goals

Inspection guidelines to identify security design flaws

Contact Info

Product

Resources

About