Prioritizing countermeasures through the countermeasure method for software security (CM-Sec)

Authors:
Dejan Baca;Kai Petersen
Affiliations:
,Blekinge Institute of Technology, Ronneby, Sweden;,Blekinge Institute of Technology, Ronneby, Sweden
Venue:
PROFES'10 Proceedings of the 11th international conference on Product-Focused Software Process Improvement
Year:
2010

Citing 10
Cited 5

Risk management in software development: a technology overview and the Riskit method

Proceedings of the 21st international conference on Software engineering
Building secure software: how to avoid security problems the right way

Building secure software: how to avoid security problems the right way
Information Security Risk Analysis

Information Security Risk Analysis
Writing Secure Code

Writing Secure Code
Software Security: Building Security In

Software Security: Building Security In
Threat modeling using attack trees

Journal of Computing Sciences in Colleges
Evaluating the cost reduction of static code analysis for software security

Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
Evaluating two ways of calculating priorities in requirements hierarchies - An experiment on hierarchical cumulative voting

Journal of Systems and Software
Rational choice of security measures via multi-parameter attack trees

CRITIS'06 Proceedings of the First international conference on Critical Information Infrastructures Security
Foundations of attack trees

ICISC'05 Proceedings of the 8th international conference on Information Security and Cryptology

Agile development with security engineering activities

Proceedings of the 2011 International Conference on Software and Systems Process
Equality in cumulative voting: A systematic review with an improvement proposal

Information and Software Technology
Attribute Decoration of Attack-Defense Trees

International Journal of Secure Software Engineering
Quantitative questions on attack: defense trees

ICISC'12 Proceedings of the 15th international conference on Information Security and Cryptology
Countermeasure graphs for software security risk assessment: An action research

Journal of Systems and Software

Quantified Score

Hi-index	0.00

Visualization

Abstract

Software security is an important quality aspect of a software system. Therefore, it is important to integrate software security touch points throughout the development life-cycle. So far, the focus of touch points in the early phases has been on the identification of threats and attacks. In this paper we propose a novel method focusing on the end product by prioritizing countermeasures. The method provides an extension to attack trees and a process for identification and prioritization of countermeasures. The approach has been applied on an open-source application and showed that countermeasures could be identified. Furthermore, an analysis of the effectiveness and cost-efficiency of the countermeasures could be provided.