Sciweavers

ITNG
2008
IEEE

Towards a Specification Prototype for Hierarchy-Driven Attack Patterns

14 years 6 months ago
Towards a Specification Prototype for Hierarchy-Driven Attack Patterns
We propose the characteristics of a software tool that leverages specifying attack pattern details in understandable hierarchies. These hierarchies are currently manually populated from the vast CAPEC dictionary which consume an excessive amount of human resources and are wrought with the possibility of user error. Such a software tool will not only automate the population of these attack pattern hierarchies, but also provide system prerequisite information and suggested mitigation strategies for the system under design. The combination of system prerequisites, possible attack patterns, and necessary mitigation strategies gives system designers and developers a checklist-like artifact to consider as development moves from the design phase to the implementation phase. This artifact is valuable because the “patch and pray” mentality of software security is insufficient. This prototype tool is also intended to generate managerial-level policy documentation that can be used in the jus...
Joshua J. Pauli, Patrick Henry Engebretson
Added 31 May 2010
Updated 31 May 2010
Type Conference
Year 2008
Where ITNG
Authors Joshua J. Pauli, Patrick Henry Engebretson
Comments (0)