On the design of more secure software-intensive systems by use of attack patterns

Gegick, Michael; Williams, Laurie

doi:10.1016/j.infsof.2006.06.002

Cited by 23 publications

(18 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In line with this argument many authors have argued that it is much better to find and fix flaws during the early phase of software development because it is more costly to fix the problem at a late stage of software development and much more costly when the software has been deployed (Spampinato et.al, 2008, Mockel and Abdallah, 2011, Gegick and Williams, 2007. To ensure that security is integrated during the design phase of SDLC, many techniques such as architectural risk analysis, threat modelling, attack trees, attack patterns, use of security tools and other approaches have been proposed (see chapter 2 for further discussion).…”

Section: Motivationmentioning

confidence: 98%

Applicability of Neural Networks to Software Security

Adebiyi

Arreymbi

Imafidon

2012

2012 UKSim 14th International Conference on Computer Modelling and Simulation

View full text Add to dashboard Cite

Section: Motivationmentioning

confidence: 98%

Applicability of Neural Networks to Software Security

Adebiyi

Arreymbi

Imafidon

2012

2012 UKSim 14th International Conference on Computer Modelling and Simulation

View full text Add to dashboard Cite

“…Gegick and Williams [60] identify security vulnerabilities in code level by tailoring attack patterns based on software components. These patterns take the form of regular expressions that are generic representations of vulnerabilities.…”

Section: Modeling Of Attacksmentioning

confidence: 99%

“…If a match exists, then the vulnerability may exist in the application being analyzed. The attacks patterns given in [60] are mainly based on code-level vulnerabilities especially the buffer-over flow and the SQL injection attacks.…”

Section: Modeling Of Attacksmentioning

confidence: 99%

Specification, verification, and quantification of security in model-based systems

Ouchani

Debbabi

2015

Computing

View full text Add to dashboard Cite

Modern systems are more and more complex and security has become a key component in the success of software and systems development. The main challenge encountered in industry as well as in academia is to develop secure products, prove their security correctness, measure their resilience to attacks, and check if vulnerabilities exist. In this paper, we review the state-of-the-art related to security specification, verification, and quantification for software and systems that are modeled by using UML or SysML language. The reviewed work fall into the field of secure software and systems engineering that aims at fulfilling the security as an afterthought in the development of secure systems.

show abstract

“…In this technique, attack against a system is represented in a tree structure in which the root of the tree represents the goal of an attacker. The nodes in the tree represent the different types of actions the attacker can take to accomplish his goal on the software system or outside the software system which may be in the form of bribe or threat [6], [23]. "Attack trees are used for risk analysis, to answer questions about the system's security, to capture security knowledge in a reusable way, and to design, implement, and test countermeasures to attacks" [24].…”

Section: Related Work On Security Assessment Of Software Designmentioning

confidence: 99%

“…Moreover, it requires great expertise to ascertain whether or not a software application has design-level flaws which makes it difficult to find and automate [9]. Many authors also argue that it is much better to find and fix flaws during the early phase of software development because it is more costly to fix the problem at a late stage of development and much more costly when the software has been deployed [6][29] [30]. Therefore, taking security into consideration at the design phase of SDLC will help greatly in producing secured software applications.…”

Section: Introductionmentioning

confidence: 99%

Security Assessment of Software Design using Neural Network

Adebiyi¹,

Arreymbi²,

Imafidon³

2012

IJARAI

View full text Add to dashboard Cite

Abstract-Security flaws in software applications today has been attributed mostly to design flaws. With limited budget and time to release software into the market, many developers often consider security as an afterthought. Previous research shows that integrating security into software applications at a later stage of software development lifecycle (SDLC) has been found to be more costly than when it is integrated during the early stages. To assist in the integration of security early in the SDLC stages, a new approach for assessing security during the design phase by neural network is investigated in this paper. Our findings show that by training a back propagation neural network to identify attack patterns, possible attacks can be identified from design scenarios presented to it. The result of performance of the neural network is presented in this paper.

show abstract

On the design of more secure software-intensive systems by use of attack patterns

Cited by 23 publications

References 18 publications

Applicability of Neural Networks to Software Security

Applicability of Neural Networks to Software Security

Specification, verification, and quantification of security in model-based systems

Security Assessment of Software Design using Neural Network

Contact Info

Product

Resources

About