A unified threat model for assessing threat in web applications

Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008

Volumn , Issue , 2008, Pages 142-145

  Xiaohong, Li ^a   Ke, He ^a  

^a TIANJIN UNIVERSITY   (China)

Author keywords

[No Author keywords available]

Indexed keywords

APPLICATIONS; INFORMATION SERVICES; INFORMATION THEORY; PROGRAMMING THEORY; WORLD WIDE WEB;

DESIGN STAGES; INTERNATIONAL CONFERENCES; WEB APPLICATIONS;

SOFTWARE DESIGN;

EID: 51449100978     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ISA.2008.47     Document Type: Conference Paper

References (12)

1. Common Vulnerabilities and Exposures. http://www.cve.mitre.org/, 2006.
2. J. D. Meier, "Web application security engineering." Security & Privacy Magazine, IEEE, vol. 4, pp. 16-24, 2006
3. Chen, H., Wagner, D. "MOPS: an Infrastructure for Examining Security Properties of Software." In: ACM conference on computer and communication security. Washington, D.C., Nov 2002.
4. Evans D., Larochelle, D. "Improving Security Using Extensible Lightweight Static Analysis." In: IEEE Software, Jan 2002.
5. Amoroso, E. G. Fundamentals of Computer Security Technology. Englewood Cliffs. NJ: Prentice Hall PTR, 1994.
6. Vaurio, J. K. "Treatment of general dependencies in system fault-tree and risk analysis." IEEE Transactions on Reliability, vol. 51, 278-287, 2002.
7. Sinnamon R. M., Andrews, J. D. "Fault tree analysis and binary decision diagrams," In: Reliability and Maintainability Symposium, 1996 Proceedings. International Symposium on Product Quality and Integrity. Annual, 1996. 215-222.
8. Richard J. R. "Analysis Techniques for Mechanical Reliability." Reliability Analysis Center, A DoD Information Analysis Center, 1985.
9. Salter, C., Saydjari, O. S., Schneier, B., Wallner, J. "Toward a Secure System Engineering Methodology," In: Proceeding Of New Security Paradigms Workshop. September 1998.
10. Schneier, B. "Attack Tree", Secrets and Lies. New York: John Wiley and Sons, 2000.
11. Tidwell T., Larson R., Fitch K. et al. "Modeling Internet Attacks." IEEE, 2001.
12. Aagedal, J. Ø., den Braber, F., Dimitrakos, T. et al. "Model-based risk assessment to improve enterprise security." In: Proc. EDOC2002. 2002 IEEE Computer Society. 2002, 51-62.