Security attack analysis using attack patterns

Li, Tong; Paja, Elda; Mylopoulos, John; Horkoff, Jennifer; Beckers, Kristian

doi:10.1109/rcis.2016.7549303

Cited by 17 publications

(8 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Software security vulnerabilities and observed analysis of attacks are categorized into various aspects. The proposed software security framework requires different analyses to be performed due to the expansion aspects of system security [18], [19]. The security system has been strengthened by prioritizing issues derived from monitoring results.…”

Section: Software Security Requirementsmentioning

confidence: 99%

Impact of Security assessment for more secure software – A Tactics and Multi-Dimensional Perspective

Ali,

Uddin,

Uddin

et al. 2024

Preprint

View full text Add to dashboard Cite

Security assessments are one of the most impactful points for developing more secure software that provides identification of security vulnerabilities, finding risks, and threats effective and strongest defense against them. The quality of the security system can be possible maximized through the prioritization of every aspect of the software system and the execution of a thorough standard security assessment. In this paper, we proposed a secure flow of software security requirements, Security pattern framework, and Threat and Risk assessment. The framework provides a secure flow of software security systems to detect attack patterns, block, response, and recovery through a systematic analysis. We implement prioritization and specification of security aspects in consideration of security requirements. Tactics and multidimensional perspective to provide appropriate solutions by unifying all components of the security function and all related issues. Security goals aim to mitigate risks and protect from threats, which is done through an appropriate risk and threat assessment model. In addition, we show an integrated threat model which specifies security and mitigates threat and risk. The results of this study will help the software development cycle to develop more secure software and increase the effectiveness of the software security system.

show abstract

Section: Software Security Requirementsmentioning

confidence: 99%

Impact of Security assessment for more secure software – A Tactics and Multi-Dimensional Perspective

Ali,

Uddin,

Uddin

et al. 2024

Preprint

View full text Add to dashboard Cite

show abstract

“…Other researchers [8] have analyzed attacks using attack patterns in a comprehensive attack knowledge repository. Bozic and Wotawa [1] have proposed a formalization of attack patterns from which test cases can be generated and executed automatically to conduct security testing.…”

Section: Related Workmentioning

confidence: 99%

Defining Attack Patterns for Industrial Control Systems

Chan

Chow

Chan

2019

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

Attack patterns have been used to specify security test cases for traditional information technology systems in order to mitigate cyber attacks. However, the attack patterns for traditional information technology systems are not directly applicable to industrial control systems. This chapter considers the differences between traditional information technology systems and industrial control systems, discusses why attack patterns for traditional information technology systems are inadequate for industrial control systems, and specifies attack patterns for industrial control systems. The attack patterns are useful for creating security test cases for assessing the security levels of industrial control systems. An elevator system case study is used to demonstrate the utility of industrial control system attack patterns in specifying security test cases.

show abstract

“…Such an approach is more perpendicular, as it enables an in-depth analysis of a particular threat and provides guidance in choosing how to protect against that threat. Related to that, there are systematic approaches, such as Li et al [19], that leverage attack pattern repositories such as CAPEC to identify attacks.…”

Section: Related Workmentioning

confidence: 99%

Solution-aware data flow diagrams for security threat modeling

Sion

Yskout

Landuyt

et al. 2018

Proceedings of the 33rd Annual ACM Symposium on Applied Computing

View full text Add to dashboard Cite

Threat modeling refers to a number of systematic approaches for eliciting security and privacy threats. Data Flow Diagrams (DFDs) are the main input for threat modeling techniques such as Microsoft STRIDE or LINDDUN. They represent system-level abstractions that lack any architectural knowledge on existing security solutions. However, this is not how software is built in practice: there are often previously-made security-and privacy-relevant decisions that originate from the technological context or domain, reuse, or external dependencies. Not taking these into account leads to the enumeration of many non-applicable threats during threat modeling. While recording the effect of these decisions on individual elements can provide some relief, the lack of a proper first-class representation causes conflicts when modifying the architecture and inhibits traceability between effect and decision. In this paper, we enrich Data Flow Diagrams with security solution elements, which are taken into account during threat elicitation. Our modeling approach is supported by a proof-of-concept implementation of a threat modeling framework and validated in the context of a STRIDE analysis of an industrial video conferencing solution that is based on WebRTC. The presented DFD enrichments are a key enabler for future efforts towards dynamic and continuous threat modeling. CCS CONCEPTS • Security and privacy → Software security engineering; • Software and its engineering → Data flow architectures; Abstraction, modeling and modularity;

show abstract

Security attack analysis using attack patterns

Cited by 17 publications

References 22 publications

Impact of Security assessment for more secure software – A Tactics and Multi-Dimensional Perspective

Impact of Security assessment for more secure software – A Tactics and Multi-Dimensional Perspective

Defining Attack Patterns for Industrial Control Systems

Solution-aware data flow diagrams for security threat modeling

Contact Info

Product

Resources

About