Software security is becoming a key quality concern as software applications are increasingly used in untrustworthy computing environments such as the Internet. Software is designed with functionality and cost in mind: the focus is on operational behavior, while security concerns are neglected or only marginally considered. As a result, software engineers build software without knowledge of security and its effect on the system. This paper presents an approach for modeling the behavior of security threats using statecharts. The proposed approach introduces a modular design for representing threats through the use of components and reusability. By focusing on the behavior of an attack, software engineers can clearly define and understand security concerns as the application is being designed and developed. In addition, modeling security threats with statecharts makes it convenient to build a consistent semantic link between functional behaviors and security concerns.