Checking threat modeling data flow diagrams for implementation conformance and security

ASE'07 - 2007 ACM/IEEE International Conference on Automated Software Engineering

Volumn , Issue , 2007, Pages 393-396

  Abi Antoun, Marwan ^a   Wang, Daniel ^b   Torr, Peter ^b  

^a CARNEGIE MELLON UNIVERSITY   (United States)

^b MICROSOFT   (United States)

Author keywords

data flow diagrams; denial of service; information disclosure; reflexion models; security analysis; spoofing; tampering; threat modeling

Indexed keywords

APPLICATION SECURITY; DATA FLOW DIAGRAMS; DENIAL OF SERVICE; INFORMATION DISCLOSURE; NOVICE DESIGNERS; SECURITY ANALYSIS; SECURITY THREATS; THREAT MODELING;

COMPUTER SOFTWARE; FLOWCHARTING; GRAPHIC METHODS; SECURITY OF DATA; SECURITY SYSTEMS; TRANSMISSION CONTROL PROTOCOL;

DATA FLOW ANALYSIS;

EID: 77951490166     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1321631.1321692     Document Type: Conference Paper

References (8)

1. M. Abi-Antoun, D. Wang, and P. Torr. Checking Threat Modeling Data Flow Diagrams for Implementation Conformance and Security. Technical Report CMU-ISRI-06-124, Carnegie Mellon University, 2006.
2. P. Clements, F. Bachman, L. Bass, D. Garlan, J. Ivers, R. Little, R. Nord, and J. Stafford. Documenting Software Architecture: View and Beyond. Addison-Wesley, 2003.
3. M. Howard and D. LeBlanc. Writing Secure Code. Microsoft Press, 2nd edition, 2003.
4. M. Howard and S. Lipner. The Security Development Lifecycle. Microsoft Press, 2006.
5. G. C. Murphy, D. Notkin, and K. J. Sullivan. Software Reflexion Models: Bridging the Gap between Design and Implementation. IEEE Trans. Softw. Eng., 27(4), 2001.
6. F. Swiderski and W. Snyder. Threat Modeling. Microsoft Press, 2004.
7. P. Torr. Demystifying the Threat-Modeling Process. IEEE Security and Privacy, 03(5):66-70, 2005.
8. E. Yourdon. Structured Analysis. Prentice Hall, 1988.