Practical Experience Gained from Modeling Security Goals: Using SGITs in an Industrial Project

Jung, Christian; Elberzhager, Frank; Bagnato, Alessandra; Raiteri, Fabio

doi:10.1109/ares.2010.12

Cited by 4 publications

(2 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Security goal indicator trees are implemented in a prototype tool, mentioned in [203]. They are used to formalize security inspection processes for a distributed repository of digital cultural data in e-tourism application in [115]. The formalism is extended to dependability inspection in [128].…”

Section: Security Goal Indicator Treesmentioning

confidence: 99%

“…Thus, they have also become popular in the industrial sector. Notable application domains of graphical models include security analysis of supervisory control and data acquisition (SCADA) systems [43,257,258], voting systems [32,142], vehicular communication systems [4,97], Internet related attacks [148,261], secure software engineering [115], and socio-technical attacks [19,77,220].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

DAG-based attack and defense modeling: Don’t miss the forest for the attack trees

Kordy

Piètre-Cambacédès

Schweitzer

2014

Computer Science Review

267

194

View full text Add to dashboard Cite

This paper presents the current state of the art on attack and defense modeling approaches that are based on directed acyclic graphs (DAGs). DAGs allow for a hierarchical decomposition of complex scenarios into simple, easily understandable and quantifiable actions. Methods based on threat trees and Bayesian networks are two well-known approaches to security modeling. However there exist more than 30 DAG-based methodologies, each having different features and goals. The objective of this survey is to present a complete overview of graphical attack and defense modeling techniques based on DAGs. This consists of summarizing the existing methodologies, comparing their features and proposing a taxonomy of the described formalisms. This article also supports the selection of an adequate modeling technique depending on user requirements. IntroductionGraphical security models provide a useful method to represent and analyze security scenarios that examine vulnerabilities of systems and organizations. The great advantage of graph-based approaches lies in combining user friendly, intuitive, visual features with formal semantics and algorithms that allow for qualitative and quantitative analysis. Over the course of the last two decades, graphical approaches attracted the attention of numerous security and formal methods experts and are quickly becoming a stand-alone research area with dedicated national and international research projects [14,17,241,263,273]. Graphical models constitute a valuable support tool to facilitate threat assessment and risk management of real-life systems. Thus, they have also become popular in the industrial sector. Notable application domains of graphical models include security analysis of supervisory control and data acquisition (SCADA) systems [43,257,258], voting systems [32,142], vehicular communication systems [4,97], Internet related attacks [148,261], secure software engineering [115], and socio-technical attacks [19,77,220].In this paper we focus on graphical methods for analysis of attack and defense scenarios. We understand attack and defense scenarios in a general sense: they encompass any malicious action of an attacker who wants to harm or damage another party or its assets as well as any defense or countermeasure that could be used to prevent or mitigate such malicious actions. In 1991, Weiss [286] introduced threat logic trees as the first graphical attack modeling technique. The obvious similarity of threat logic trees to fault trees [270] suggests that graph-based security modeling has its roots in safety modeling. Weiss' approach can be seen as the origin of numerous subsequent models, including attack trees [230,234] which are nowadays one of the most popular graphical security models.Today, more than 30 different approaches for analysis of attack and defense scenarios exist. Most of them extend the original model of threat logic trees in one or several dimensions which include defensive components, timed and ordered actions, dynamic aspects and different types of *...

show abstract

Section: Security Goal Indicator Treesmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

DAG-based attack and defense modeling: Don’t miss the forest for the attack trees

Kordy

Piètre-Cambacédès

Schweitzer

2014

Computer Science Review

267

194

View full text Add to dashboard Cite

show abstract

Practical Experience Gained from Passive Testing of Web Based Systems

Bagnato

Raiteri

Mallouli

et al. 2010

2010 Third International Conference on Software Testing, Verification, and Validation Workshops

Self Cite

View full text Add to dashboard Cite

In recent years Web-based systems have become extremely popular and, nowadays, they are used in critical environments such as financial, medical, and military systems. As the use of Web applications for security-critical services has increased, the number and sophistication of attacks against these applications have grown as well. For this reason it is essential to be able to prove that the target Web-based system implements its designed security requirements avoiding known vulnerabilities in HTTP-based solutions. To reach this aim, we can rely on several testing techniques and mainly on security passive testing approach that is becoming increasingly important to security-relevant aspects into web based software systems. This article describes the application of the TestInv-P passive testing tool as part of the testing phase of TXT etourism Web application. TestInv-P is a passive testing tool that monitors communication traces of an application during run-time and verifies whether it satisfies certain securityrelated invariants derived from SHIELDS models. 1

show abstract

Creating and Applying Security Goal Indicator Trees in an Industrial Environment

Bagnato

Raiteri

Jung

et al. 2012

Threats, Countermeasures, and Advances in Applied Information Security

View full text Add to dashboard Cite

Security inspections are increasingly important for bringing security-relevant aspects into software systems, particularly during the early stages of development. Nowadays, such inspections often do not focus specifically on security. With regard to security, the well-known and approved benefits of inspections are not exploited to their full potential. This book chapter focuses on the Security Goal Indicator Tree application for eliminating existing shortcomings, the training that led to their creation in an industrial project environment, their usage, and their reuse by a team in industry. SGITs are a new approach for modeling and checking security-relevant aspects throughout the entire software development lifecycle. This book chapter describes the modeling of such security goal based trees as part of requirements engineering using the GOAT tool dedicated plug-in and the retrieval of these models during the various phases of the software development lifecycle in a project by means of Software Vulnerability Repository Services (SHIELDS, Software Vulnerability Repository Services) created in the European project SHIELDS (SHIELDS, SHIELDS - Detecting known security vulnerabilities from within design and development tools)

show abstract

Practical Experience Gained from Modeling Security Goals: Using SGITs in an Industrial Project

Cited by 4 publications

References 6 publications

DAG-based attack and defense modeling: Don’t miss the forest for the attack trees

DAG-based attack and defense modeling: Don’t miss the forest for the attack trees

Practical Experience Gained from Passive Testing of Web Based Systems

Creating and Applying Security Goal Indicator Trees in an Industrial Environment

Contact Info

Product

Resources

About