Design-level vulnerabilities are a major source of security risks in software. To improve the trustworthiness of software design, this paper presents a formal threat-driven approach, which explores explicit behaviors of security threats as the mediator between security goals and applications of security features. Security threats are potential attacks, i.e., misuses and anomalies that violate the security goals of systems' intended functions. Security threats suggest what, where, and how security features for threat mitigation should be applied. To specify the intended functions, security threats, and threat mitigations of a security design as a whole, we exploit aspect-oriented Petri nets as a unified formalism. Intended functions and security threats are modeled by Petri nets, whereas threat mitigations are modeled by Petri net-based aspects due to the incremental and crosscutting nature of security features. The unified formalism facilitates verifying the correctness of security threats against intended functions and verifying the absence of security threats from integrated functions and threat mitigations. As a result, our approach can make a software design provably secure against anticipated security threats and, thus, reduce significant design-level vulnerabilities. We demonstrate our approach through a systematic case study on the threat-driven modeling and verification of a real-world shopping cart application.