TY - GEN
T1 - Threat and security modeling for secure software requirements and architecture
AU - Shin, Michael
AU - Pathirage, Don
AU - Jang, Dongsoo
N1 - Publisher Copyright:
© 2020 Knowledge Systems Institute Graduate School. All rights reserved.
PY - 2020
Y1 - 2020
N2 - Most of the threat modeling approaches do not stipulate when and what types of threats should be identified and modeled in each software development phase. This paper addresses a threat and security modeling approach in software requirements and architecture. The threats to software systems are classified and modeled as input and output, class and message threats in software requirements, and message communication threats in software architecture so that the security countermeasures are modeled and designed against the threats. The modeling of threats and security countermeasures is described by means of the underlying meta-models of software requirements and software architecture models. An online shopping system is used to demonstrate the approach.
KW - Meta-Model
KW - Security Modeling
KW - Software Architecture
KW - Software Requirements
KW - Threat
UR - http://www.scopus.com/inward/record.url?scp=85090506861&partnerID=8YFLogxK
U2 - 10.18293/SEKE2020-055
DO - 10.18293/SEKE2020-055
M3 - Conference contribution
AN - SCOPUS:85090506861
T3 - Proceedings of the International Conference on Software Engineering and Knowledge Engineering, SEKE
SP - 117
EP - 120
BT - SEKE 2020 - Proceedings of the 32nd International Conference on Software Engineering and Knowledge Engineering
PB - Knowledge Systems Institute Graduate School
T2 - 32nd International Conference on Software Engineering and Knowledge Engineering, SEKE 2020
Y2 - 9 July 2020 through 19 July 2020
ER -