A rigorous methodology for security architecture modeling and verification

  • Authors: Yomna Ali; Sherif El-Kassas
  • Affiliations: American University in Cairo, Egypt; American University in Cairo, Egypt
  • Venue: Proceedings of the 4th annual workshop on Cyber security and information intelligence research: developing strategies to meet the cyber security and information intelligence challenges ahead
  • Year: 2008

Abstract

Few attempts have been made at defining a formal and traceable relationship for integrating security into all phases of analysis, modeling, and verification of software systems. In this paper, we propose a rigorous methodology for using threat modeling to build secure software architectures with SAM (the Software Architecture Modeling framework) and to verify them formally with symbolic model checking. Security mitigations suggested by the threat model are expressed as constraints over a high-level SAM model and are used to refine it into a secure, constrained model. We also propose a translation from SAM secure models into the SMV model checker, where the threats and the security properties elicited during threat modeling are used as inputs to the verification phase as well. This method is developed with the aim of bridging the gap between informal security requirements and their formal representation and verification.