Building security requirements using state transition diagram at security threat location

Authors:
Seong Chae Seo;Jin Ho You;Young Dae Kim;Jun Yong Choi;Sang Jun Lee;Byung Ki Kim
Affiliations:
Department of Computer Science, Chonnam National University, Gwangju, Korea;Department of Computer Science, Chonnam National University, Gwangju, Korea;Department of Computer Science, Chonnam National University, Gwangju, Korea;School of Electrical Engineering and Computer Science, Kyungpook National University, Daegu, Korea;Department of Internet Information Communication, Shingyeong University, Gyeonggi-do, Korea;Department of Computer Science, Chonnam National University, Gwangju, Korea
Venue:
CIS'05 Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part II
Year:
2005

Citing 8
Cited 1

Writing Secure Code

Writing Secure Code
UMLsec: Extending UML for Secure Systems Development

UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
Using Abuse Case Models for Security Requirements Analysis

ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Software vulnerability analysis

Software vulnerability analysis
Elaborating Security Requirements by Construction of Intentional Anti-Models

Proceedings of the 26th International Conference on Software Engineering
Building More Secure Software with Improved Development Processes

IEEE Security and Privacy
Misuse Cases: Use Cases with Hostile Intent

IEEE Software
Software Security

IEEE Security and Privacy

Assuring software security against buffer overflow attacks in embedded software development life cycle

ICACT'10 Proceedings of the 12th international conference on Advanced communication technology

Quantified Score

Hi-index	0.00

Visualization

Abstract

The security requirements in the software life cycle has received some attention recently. However, it is not yet clear how to build security requirements. This paper describes and illustrates a process to build application specific security requirements from state transition diagrams at the security threat location. Using security failure data, we identify security threat locations which attackers could use to exploit software vulnerabilities. A state transition diagram is constructed to be used to protect, mitigate, and remove vulnerabilities relative to security threat locations. In the software development process, security requirements are obtained from state transition diagrams relative to the security threat location.