
KBSE
2007
IEEE

Checking threat modeling data flow diagrams for implementation conformance and security

Threat modeling analyzes how an adversary might attack a system by supplying it with malicious data or interacting with it. The analysis uses a Data Flow Diagram (DFD) to describe how data moves through a system. Today, DFDs are represented informally, reviewed manually with security domain experts, and may not reflect all the entry points in the implementation. We designed an approach to check the conformance of an implementation with its security architecture. We extended Reflexion Models to compare the as-built DFD recovered from the implementation with the as-designed DFD, increasing the automation of the technique and thus its adoptability. We also designed an analysis to assist DFD designers in validating their initial DFDs and detecting common security design flaws in them. An evaluation of the approach on subsystems from production code showed that it can find omitted or outdated information in existing DFDs. Parts of this work were conducted while the first author was an intern in the Center for So...
Marwan Abi-Antoun, Daniel Wang, Peter Torr
Added 04 Jun 2010
Updated 04 Jun 2010
Type Conference
Year 2007
Where KBSE
Authors Marwan Abi-Antoun, Daniel Wang, Peter Torr