Automating Threat Modeling through the Software Development Life-Cycle
نویسندگان
چکیده
Fixing software security issues early in the development life-cycle reduces its cost dramatically. Companies doing software development know this reality, and they have introduced risk assessment methodologies in their development processes. Unfortunately, these methodologies require engineers to have deep software security skills to carry out some of the most important steps of this process, and training them on security is expensive. In this scenario, we propose a new automated approach to analyze software designs to identify, risk rank and mitigate potential threats to the system. We designed a new data structure to detect threats in software designs called Identification Tree. We also defined a new one for describing countermeasures to threats, called Mitigation Trees. Our automated approach relies on Identification Trees and Mitigation Trees to integrate a guided risk assessment process through the development life-cycle. It does not require developers to have any security training, and was integrated in the current Threat Modeling process of Microsoft. Keywords— risk analysis, threat modeling, attack patterns, identification trees, mitigation trees
منابع مشابه
Automating Risk Analysis of Software Design Models
The growth of the internet and networked systems has exposed software to an increased amount of security threats. One of the responses from software developers to these threats is the introduction of security activities in the software development lifecycle. This paper describes an approach to reduce the need for costly human expertise to perform risk analysis in software, which is common in se...
متن کاملPredicting Low Cycle Fatigue Life through Simulation of Crack in Cover Plate Welded Beam to Column Connections
This paper presents a low cycle fatigue life curve by simulating a crack in a cover plate welded moment connection. Initiation of ductile fracture in steel is controlled by growth and coalescence of micro-voids. This research used a numerical method using finite element modeling and simulation of ductile crack initiation by a micromechanical model. Therefore, a finite element model of a cover p...
متن کاملUse of Artificial Intelligence in Software Development Life Cycle ... A state of the art review
Artificial Intelligence (AI) is the younger field in computer science ready to accept challenges. Software engineering (SE) is the dominating industrial field. So, automating SE is the most relevant challenge today. AI has the capacity to empower SE in that way. Here in this paper we present a state of the art literature review which reveals the past and present work done for automating Softwar...
متن کاملReducing Testing Effort using Automation
Software quality is a major concern in the development of modern software systems. Software testing is the process of putting the developed system under testing to ensure its high quality. Unfortunately, software testing process is expensive and consumes a lot of time through software development life cycle. As software systems grow, manual software testing becomes more and more difficult espec...
متن کاملA Three-Fold Integration Framework to Incorporate User-Centered Design into Agile Software Development
We present a framework that incorporates user-centered design (UCD) philosophy into agile software development through a three-fold integration approach: at the process life-cycle level for the selection and application of appropriate UCD methods and techniques in the right places at the right times; at the iteration level for integrating UCD concepts, roles, and activities during each agile de...
متن کامل