Security Goal Indicator Trees: A Model of Software Features that Supports Efficient Security Inspection

Peine, Holger; Jawurek, Marek; Mandel, Savannah

doi:10.1109/hase.2008.57

Cited by 26 publications

(13 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Security properties are the targets the customer establishes for their security program. Without security properties, they do not know what they are trying to accomplish for security and therefore will not reach any goals [43]. Security requirement (SR) engineering can provide a foundation for developing secure systems.…”

Section: Security Properties and Requirementsmentioning

confidence: 99%

“…On the other hand, we also found studies focused on showing challenges and practitioners perspectives in this context. However, few authors have addressed the specific problems of security verification activities ( [12,20,43]). The picture is even poorer in the agile context as concluded in [56].…”

Section: Related Workmentioning

confidence: 99%

“…Although these secondary studies have reported several challenges in the literature, the number of solution proposals to address these concerns is limited. Existing approaches (e.g., [12,20,43,46]) employ inspection techniques to verifying security or identifying security goals from textual documents. These proposals are not focused on agile, but this does not mean that they cannot address these kinds of requirements.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

An efficient approach for reviewing security-related aspects in agile requirements specifications of web applications

et al. 2020

View full text Add to dashboard Cite

Defects in requirement specifications can have severe consequences during the software development life cycle. Some of them may result in poor product quality and/or time and budget overrun due to incorrect or missing quality characteristics, such as security. This characteristic requires special attention in web applications because they have become a target for manipulating sensible data. Several concerns make security difficult to deal with. For instance, security requirements are often misunderstood and improperly specified due to lack of security expertise and emphasis on security during early stages of software development. This often leads to unspecified or ill-defined security-related aspects. These concerns become even more challenging in agile contexts, where lightweight documentation is typically produced. To tackle this problem, we designed an approach for reviewing security-related aspects in agile requirements specifications of web applications. Our proposal considers user stories and security specifications as inputs and relates those user stories to security properties via natural language processing. Based on the related security properties, our approach identifies high-level security requirements from the Open Web Application Security Project (OWASP) to be verified and generates a reading technique to support reviewers in detecting defects. We evaluate our approach via three experimental trials conducted with 56 novice software engineers, measuring effectiveness, efficiency, usefulness and ease of use. We compare our approach against using: (1) the OWASP high-level security requirements and (2) a perspective-based approach as proposed in contemporary state of the art. The results strengthen our confidence that using our approach has a positive impact (with large effect size) on the performance of inspectors in terms of effectiveness and efficiency.

show abstract

Section: Security Properties and Requirementsmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

An efficient approach for reviewing security-related aspects in agile requirements specifications of web applications

et al. 2020

View full text Add to dashboard Cite

show abstract

“…Approaches introducing a general order. Peine, Jawurek, and Mandel introduce security goal indicator trees [20] in which nodes can be related by a notion of conditional dependency and Boolean connectors. The authors, however, do not formally specify the syntax and semantics of the model.…”

Section: Related Work and Motivationmentioning

confidence: 99%

Attack Trees with Sequential Conjunction

Jhawar

Kordy

Mauw

et al. 2015

ICT Systems Security and Privacy Protection

121

View full text Add to dashboard Cite

Abstract. We provide the first formal foundation of SAND attack trees which are a popular extension of the well-known attack trees. The SAND attack tree formalism increases the expressivity of attack trees by introducing the sequential conjunctive operator SAND. This operator enables the modeling of ordered events. We give a semantics to SAND attack trees by interpreting them as sets of series-parallel graphs and propose a complete axiomatization of this semantics. We define normal forms for SAND attack trees and a term rewriting system which allows identification of semantically equivalent trees. Finally, we formalize how to quantitatively analyze SAND attack trees using attributes.

show abstract

“…The language was developed as a more expressive replacement for vulnerability cause graphs [12] (used to model the causes of vulnerabilities), security activity graphs [13] (used to model the alternatives for performing security-related activities), security goal indicator trees [14] (used to model the process of goal-driven inspection) and attack trees [15] (used to model how to perform attacks). SGMs provide richer relationships between model elements, a key property when being used for automated applications such as passive testing.…”

Section: Security Goal Modelsmentioning

confidence: 99%

An advanced approach for modeling and detecting software vulnerabilities

Shahmehri

Mammar

et al. 2012

Information and Software Technology

View full text Add to dashboard Cite

Context. Passive testing is a technique in which traces collected from the execution of a system under test are examined for evidence of flaws in the system.Objective. In this paper we present a method for detecting the presence of security vulnerabilities by detecting evidence of their causes in execution traces. This is a new approach to security vulnerability detection.Method. Our method uses formal models of vulnerability causes, known as security goal models and vulnerability detection conditions (VDCs). The former are used to identify the causes of vulnerabilities and model their dependencies, and the latter to give a formal interpretation that is suitable for vulnerability detection using passive testing techniques. We have implemented modeling tools for security goal models and vulnerability detection conditions, as well as TestInv-Code, a tool that checks execution traces of compiled programs for evidence of VDCs.Results. We present the full definitions of security goal models and vulnerability detection conditions, as well as structured methods for creating both. We describe the design and implementation of TestInv-Code. Finally we show results obtained from running TestInv-Code to detect typical vulnerabilities in several open source projects. By testing versions with known vulnerabilities, we can quantify the effectiveness of the approach.Conclusion. Although the current implementation has some limitations, passive testing for vulnerability detection works well, and using models as the basis for testing ensures that users of the testing tool can easily extend it to handle new vulnerabilities.

show abstract

Security Goal Indicator Trees: A Model of Software Features that Supports Efficient Security Inspection

Cited by 26 publications

References 4 publications

An efficient approach for reviewing security-related aspects in agile requirements specifications of web applications

An efficient approach for reviewing security-related aspects in agile requirements specifications of web applications

Attack Trees with Sequential Conjunction

An advanced approach for modeling and detecting software vulnerabilities

Contact Info

Product

Resources

About