A taxonomy of computer program security flaws
ACM Computing Surveys (CSUR)
Attack net penetration testing
Proceedings of the 2000 workshop on New security paradigms
Building secure software: how to avoid security problems the right way
Proceedings of the 2002 ACM symposium on Applied computing
Writing Secure Code
MOPS: an infrastructure for examining security properties of software
Proceedings of the 9th ACM conference on Computer and communications security
Software vulnerability analysis
Exploiting Software: How to Break Code
Using build-integrated static checking to preserve correctness invariants
Proceedings of the 11th ACM conference on Computer and communications security
On the design of more secure software-intensive systems by use of attack patterns
Information and Software Technology
Experimental comparison of attack trees and misuse cases for security threat identification
Information and Software Technology
Security Requirements Elicitation Using Method Weaving and Common Criteria
Models in Software Engineering
Vulnerability analysis for a quantitative security evaluation
ESEM '09 Proceedings of the 2009 3rd International Symposium on Empirical Software Engineering and Measurement
Multi-vendor penetration testing in the advanced metering infrastructure
Proceedings of the 26th Annual Computer Security Applications Conference
Comparing attack trees and misuse cases in an industrial setting
Information and Software Technology
Fortifying software applications from attack is often an effort that occurs late in the software development process. Applying patches to fix vulnerable applications in the field is a common approach to securing applications. Abstract representations of attacks such as attack trees and attack nets can be used for identifying potential threats before a system is released. We have constructed attack patterns that can illuminate security vulnerabilities in a software-intensive system design. Matching our attack patterns to vulnerabilities in the design phase may stimulate security efforts to start early and to become integrated with the software process. The intent is that our attack patterns can be used to effectively encode software vulnerabilities in vulnerability databases. A case study of our approach with undergraduate students in a security course indicated that our attack patterns can provide general descriptions of vulnerabilities. The students were able to accurately map the patterns to vulnerabilities in a system design.