Towards an enhanced design level security integrating attack trees with statecharts

Omar A. El Ariss, Jianfei Wu, Dianxiang Xu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

7 Citations (Scopus)

Abstract

Software security has become more and more critical as we are increasingly depending on the Internet an untrustworthy computing environment. Software functionality and security are tightly related to each other vulnerabilities due to design errors inconsistencies incompleteness and missing constraints in system specifications can be wrongly exploited by security attacks. These two concerns however are often handled separately. In this paper we present a threat driven approach that improves on the quality of software through the realization of a more secure functional model. The approach introduces systematic transformation rules and integration steps for mapping attack tree representations into lower level dynamic behavior then integrates this behavior into statechart-based functional models. Through the focus on both the functional and threat behavior software engineers can introduce clearly define and understand security concerns as software is designed. To identify vulnerabilities our approach then applies security analysis and threat identification to the integrated model.

Original languageEnglish (US)
Title of host publicationProceedings - 2011 5th International Conference on Secure Software Integration and Reliability Improvement, SSIRI 2011
Pages1-10
Number of pages10
DOIs
StatePublished - Sep 23 2011
Event2011 5th International Conference on Secure Software Integration and Reliability Improvement, SSIRI 2011 - Jeju Island, Korea, Republic of
Duration: Jun 27 2011Jun 29 2011

Publication series

NameProceedings - 2011 5th International Conference on Secure Software Integration and Reliability Improvement, SSIRI 2011

Other

Other2011 5th International Conference on Secure Software Integration and Reliability Improvement, SSIRI 2011
CountryKorea, Republic of
CityJeju Island
Period6/27/116/29/11

Fingerprint

Identification (control systems)
Internet
Specifications
Engineers

All Science Journal Classification (ASJC) codes

  • Software
  • Safety, Risk, Reliability and Quality

Cite this

El Ariss, O. A., Wu, J., & Xu, D. (2011). Towards an enhanced design level security integrating attack trees with statecharts. In Proceedings - 2011 5th International Conference on Secure Software Integration and Reliability Improvement, SSIRI 2011 (pp. 1-10). [5991998] (Proceedings - 2011 5th International Conference on Secure Software Integration and Reliability Improvement, SSIRI 2011). https://doi.org/10.1109/SSIRI.2011.11
El Ariss, Omar A. ; Wu, Jianfei ; Xu, Dianxiang. / Towards an enhanced design level security integrating attack trees with statecharts. Proceedings - 2011 5th International Conference on Secure Software Integration and Reliability Improvement, SSIRI 2011. 2011. pp. 1-10 (Proceedings - 2011 5th International Conference on Secure Software Integration and Reliability Improvement, SSIRI 2011).
@inproceedings{388172af516445ac95a58c03b53ba512,
title = "Towards an enhanced design level security integrating attack trees with statecharts",
abstract = "Software security has become more and more critical as we are increasingly depending on the Internet an untrustworthy computing environment. Software functionality and security are tightly related to each other vulnerabilities due to design errors inconsistencies incompleteness and missing constraints in system specifications can be wrongly exploited by security attacks. These two concerns however are often handled separately. In this paper we present a threat driven approach that improves on the quality of software through the realization of a more secure functional model. The approach introduces systematic transformation rules and integration steps for mapping attack tree representations into lower level dynamic behavior then integrates this behavior into statechart-based functional models. Through the focus on both the functional and threat behavior software engineers can introduce clearly define and understand security concerns as software is designed. To identify vulnerabilities our approach then applies security analysis and threat identification to the integrated model.",
author = "{El Ariss}, {Omar A.} and Jianfei Wu and Dianxiang Xu",
year = "2011",
month = "9",
day = "23",
doi = "10.1109/SSIRI.2011.11",
language = "English (US)",
isbn = "9780769544533",
series = "Proceedings - 2011 5th International Conference on Secure Software Integration and Reliability Improvement, SSIRI 2011",
pages = "1--10",
booktitle = "Proceedings - 2011 5th International Conference on Secure Software Integration and Reliability Improvement, SSIRI 2011",

}

El Ariss, OA, Wu, J & Xu, D 2011, Towards an enhanced design level security integrating attack trees with statecharts. in Proceedings - 2011 5th International Conference on Secure Software Integration and Reliability Improvement, SSIRI 2011., 5991998, Proceedings - 2011 5th International Conference on Secure Software Integration and Reliability Improvement, SSIRI 2011, pp. 1-10, 2011 5th International Conference on Secure Software Integration and Reliability Improvement, SSIRI 2011, Jeju Island, Korea, Republic of, 6/27/11. https://doi.org/10.1109/SSIRI.2011.11

Towards an enhanced design level security integrating attack trees with statecharts. / El Ariss, Omar A.; Wu, Jianfei; Xu, Dianxiang.

Proceedings - 2011 5th International Conference on Secure Software Integration and Reliability Improvement, SSIRI 2011. 2011. p. 1-10 5991998 (Proceedings - 2011 5th International Conference on Secure Software Integration and Reliability Improvement, SSIRI 2011).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - Towards an enhanced design level security integrating attack trees with statecharts

AU - El Ariss, Omar A.

AU - Wu, Jianfei

AU - Xu, Dianxiang

PY - 2011/9/23

Y1 - 2011/9/23

N2 - Software security has become more and more critical as we are increasingly depending on the Internet an untrustworthy computing environment. Software functionality and security are tightly related to each other vulnerabilities due to design errors inconsistencies incompleteness and missing constraints in system specifications can be wrongly exploited by security attacks. These two concerns however are often handled separately. In this paper we present a threat driven approach that improves on the quality of software through the realization of a more secure functional model. The approach introduces systematic transformation rules and integration steps for mapping attack tree representations into lower level dynamic behavior then integrates this behavior into statechart-based functional models. Through the focus on both the functional and threat behavior software engineers can introduce clearly define and understand security concerns as software is designed. To identify vulnerabilities our approach then applies security analysis and threat identification to the integrated model.

AB - Software security has become more and more critical as we are increasingly depending on the Internet an untrustworthy computing environment. Software functionality and security are tightly related to each other vulnerabilities due to design errors inconsistencies incompleteness and missing constraints in system specifications can be wrongly exploited by security attacks. These two concerns however are often handled separately. In this paper we present a threat driven approach that improves on the quality of software through the realization of a more secure functional model. The approach introduces systematic transformation rules and integration steps for mapping attack tree representations into lower level dynamic behavior then integrates this behavior into statechart-based functional models. Through the focus on both the functional and threat behavior software engineers can introduce clearly define and understand security concerns as software is designed. To identify vulnerabilities our approach then applies security analysis and threat identification to the integrated model.

UR - http://www.scopus.com/inward/record.url?scp=80052943381&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=80052943381&partnerID=8YFLogxK

U2 - 10.1109/SSIRI.2011.11

DO - 10.1109/SSIRI.2011.11

M3 - Conference contribution

SN - 9780769544533

T3 - Proceedings - 2011 5th International Conference on Secure Software Integration and Reliability Improvement, SSIRI 2011

SP - 1

EP - 10

BT - Proceedings - 2011 5th International Conference on Secure Software Integration and Reliability Improvement, SSIRI 2011

ER -

El Ariss OA, Wu J, Xu D. Towards an enhanced design level security integrating attack trees with statecharts. In Proceedings - 2011 5th International Conference on Secure Software Integration and Reliability Improvement, SSIRI 2011. 2011. p. 1-10. 5991998. (Proceedings - 2011 5th International Conference on Secure Software Integration and Reliability Improvement, SSIRI 2011). https://doi.org/10.1109/SSIRI.2011.11