Sciweavers

INFSOF
2007

On the design of more secure software-intensive systems by use of attack patterns

Retrofitting security implementations to a released software-intensive system or to a system under development may require significant architectural or coding changes. These late changes can be difficult and more costly than if performed early in the software process. We have created regular expression-based attack patterns that show the sequential events that occur during an attack. By performing a Security Analysis for Existing Threats (SAFE-T), software engineers can match the symbols of a regular expression to their system design. An architectural analysis that identifies security vulnerabilities early in the software process can prepare software engineers for which security implementations are necessary when coding starts. A case study involving students in an upper-level undergraduate security course suggests that SAFE-T can be performed by relatively inexperienced engineers who are not experts in security. Data from the case study also suggest that the attack patterns do not ...
Michael Gegick, Laurie Williams
Added: 15 Dec 2010
Updated: 15 Dec 2010
Type: Journal
Year: 2007
Where: INFSOF
Authors: Michael Gegick, Laurie Williams