Modeling security attacks with statecharts

Authors:
Omar El Ariss;Dianxiang Xu
Affiliations:
North Dakota State University, Fargo, ND, USA;Dakota State University, Madison, SD, USA
Venue:
Proceedings of the joint ACM SIGSOFT conference -- QoSA and ACM SIGSOFT symposium -- ISARCS on Quality of software architectures -- QoSA and architecting critical systems -- ISARCS
Year:
2011

Citing 17
Cited 0

Statecharts: A visual formalism for complex systems

Science of Computer Programming
The ESTEREL synchronous programming language: design, semantics, implementation

Science of Computer Programming
The STATEMATE semantics of statecharts

ACM Transactions on Software Engineering and Methodology (TOSEM)
A graph-based system for network-vulnerability analysis

Proceedings of the 1998 workshop on New security paradigms
Attack net penetration testing

Proceedings of the 2000 workshop on New security paradigms
Protecting web servers from distributed denial of service attacks

Proceedings of the 10th international conference on World Wide Web
Collaborative attack modeling

Proceedings of the 2002 ACM symposium on Applied computing
Using UMLsec and goal trees for secure systems development

Proceedings of the 2002 ACM symposium on Applied computing
Writing Secure Code

Writing Secure Code
A Comparison of Statecharts Variants

ProCoS Proceedings of the Third International Symposium Organized Jointly with the Working Group Provably Correct Systems on Formal Techniques in Real-Time and Fault-Tolerant Systems
Threat Modeling

Threat Modeling
Demystifying the Threat-Modeling Process

IEEE Security and Privacy
A threat-driven approach to modeling and verifying secure software

Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering
Software fault tree and coloured Petri net based specification, design and implementation of agent-based intrusion detection systems

International Journal of Information and Computer Security
Threat-Driven Modeling and Verification of Secure Software Using Aspect-Oriented Petri Nets

IEEE Transactions on Software Engineering
A UML-Based Framework for Design and Analysis of Dependable Software

COMPSAC '08 Proceedings of the 2008 32nd Annual IEEE International Computer Software and Applications Conference
Foundations of attack trees

ICISC'05 Proceedings of the 8th international conference on Information Security and Cryptology

Quantified Score

Hi-index	0.00

Visualization

Abstract

Software security is becoming a key quality concern as software applications are increasingly being used in untrustworthy computing environments such as the internet. Software is designed with the mindset of its functionalities and cost, where the focus is on the operational behavior while security concerns are neglected or marginally considered. As a result, software engineers build the software while lacking the knowledge about security and its effect on the system. This paper presents an approach for modeling the behavior of security threats using statecharts. The proposed approach introduces modular design for representing threats through the use of components and reusability. Through the focus on the behavior of an attack, software engineers can clearly define and understand security concerns as the application is being designed and developed. In addition, modeling security threats with statecharts makes it convenient to build a consistent semantic link between functional behaviors and security concerns.