SecureUML: A UML-Based Modeling Language for Model-Driven Security
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
Exploiting Software: How to Break Code
Risk Analysis in Software Design
IEEE Security and Privacy
Demystifying the Threat-Modeling Process
IEEE Security and Privacy
Model-based security analysis in seven steps --- a guided tour to the CORAS method
BT Technology Journal
Misuse Cases: Use Cases with Hostile Intent
IEEE Software
Secure Systems Development with UML
Automating architectural security analysis
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Identifying and resolving security problems as early as possible in the software development life cycle should by now be conventional wisdom. However, we observe that there is no threat modeling approach suitable for analysing initial software architecture. Our approach aims to fill this gap by adopting a threat modeling technique (STRIDE) that can be equally applied to software architecture diagrams. Accordingly, we claim and seek to validate that even little additional information on architecture diagrams can yield significant value in a lightweight automated security analysis. We implement and verify our approach by building a tool for automated threat analysis of software architecture diagrams. We validate the approach in a large-scale industrial software development context, which provides some initial empirical analysis.