Threat and security modeling for secure software requirements and architecture

Michael Shin; Don Pathirage; Dongsoo Jang

doi:10.18293/SEKE2020-055

Threat and security modeling for secure software requirements and architecture

Michael Shin, Don Pathirage, Dongsoo Jang

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Most of the threat modeling approaches do not stipulate when and what types of threats should be identified and modeled in each software development phase. This paper addresses a threat and security modeling approach in software requirements and architecture. The threats to software systems are classified and modeled as input and output, class and message threats in software requirements, and message communication threats in software architecture so that the security countermeasures are modeled and designed against the threats. The modeling of threats and security countermeasures is described by means of the underlying meta-models of software requirements and software architecture models. An online shopping system is used to demonstrate the approach.

Original language	English
Title of host publication	SEKE 2020 - Proceedings of the 32nd International Conference on Software Engineering and Knowledge Engineering
Publisher	Knowledge Systems Institute Graduate School
Pages	117-120
Number of pages	4
ISBN (Electronic)	1891706500
DOIs	https://doi.org/10.18293/SEKE2020-055
State	Published - 2020
Event	32nd International Conference on Software Engineering and Knowledge Engineering, SEKE 2020 - Pittsburgh, Virtual, United States Duration: Jul 9 2020 → Jul 19 2020

Publication series

Name	Proceedings of the International Conference on Software Engineering and Knowledge Engineering, SEKE
Volume	PartF162440
ISSN (Print)	2325-9000
ISSN (Electronic)	2325-9086

Conference

Conference	32nd International Conference on Software Engineering and Knowledge Engineering, SEKE 2020
Country/Territory	United States
City	Pittsburgh, Virtual
Period	07/9/20 → 07/19/20

Keywords

Meta-Model
Security Modeling
Software Architecture
Software Requirements
Threat

Access to Document

10.18293/SEKE2020-055

Cite this

Shin, M., Pathirage, D., & Jang, D. (2020). Threat and security modeling for secure software requirements and architecture. In SEKE 2020 - Proceedings of the 32nd International Conference on Software Engineering and Knowledge Engineering (pp. 117-120). (Proceedings of the International Conference on Software Engineering and Knowledge Engineering, SEKE; Vol. PartF162440). Knowledge Systems Institute Graduate School. https://doi.org/10.18293/SEKE2020-055

Shin, Michael ; Pathirage, Don ; Jang, Dongsoo. / Threat and security modeling for secure software requirements and architecture. SEKE 2020 - Proceedings of the 32nd International Conference on Software Engineering and Knowledge Engineering. Knowledge Systems Institute Graduate School, 2020. pp. 117-120 (Proceedings of the International Conference on Software Engineering and Knowledge Engineering, SEKE).

@inproceedings{c05be56b798046c39e0380dfedca694f,

title = "Threat and security modeling for secure software requirements and architecture",

abstract = "Most of the threat modeling approaches do not stipulate when and what types of threats should be identified and modeled in each software development phase. This paper addresses a threat and security modeling approach in software requirements and architecture. The threats to software systems are classified and modeled as input and output, class and message threats in software requirements, and message communication threats in software architecture so that the security countermeasures are modeled and designed against the threats. The modeling of threats and security countermeasures is described by means of the underlying meta-models of software requirements and software architecture models. An online shopping system is used to demonstrate the approach.",

keywords = "Meta-Model, Security Modeling, Software Architecture, Software Requirements, Threat",

author = "Michael Shin and Don Pathirage and Dongsoo Jang",

note = "Publisher Copyright: {\textcopyright} 2020 Knowledge Systems Institute Graduate School. All rights reserved.; 32nd International Conference on Software Engineering and Knowledge Engineering, SEKE 2020 ; Conference date: 09-07-2020 Through 19-07-2020",

year = "2020",

doi = "10.18293/SEKE2020-055",

language = "English",

series = "Proceedings of the International Conference on Software Engineering and Knowledge Engineering, SEKE",

publisher = "Knowledge Systems Institute Graduate School",

pages = "117--120",

booktitle = "SEKE 2020 - Proceedings of the 32nd International Conference on Software Engineering and Knowledge Engineering",

}

Shin, M, Pathirage, D & Jang, D 2020, Threat and security modeling for secure software requirements and architecture. in SEKE 2020 - Proceedings of the 32nd International Conference on Software Engineering and Knowledge Engineering. Proceedings of the International Conference on Software Engineering and Knowledge Engineering, SEKE, vol. PartF162440, Knowledge Systems Institute Graduate School, pp. 117-120, 32nd International Conference on Software Engineering and Knowledge Engineering, SEKE 2020, Pittsburgh, Virtual, United States, 07/9/20. https://doi.org/10.18293/SEKE2020-055

Threat and security modeling for secure software requirements and architecture. / Shin, Michael; Pathirage, Don; Jang, Dongsoo.
SEKE 2020 - Proceedings of the 32nd International Conference on Software Engineering and Knowledge Engineering. Knowledge Systems Institute Graduate School, 2020. p. 117-120 (Proceedings of the International Conference on Software Engineering and Knowledge Engineering, SEKE; Vol. PartF162440).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Threat and security modeling for secure software requirements and architecture

AU - Shin, Michael

AU - Pathirage, Don

AU - Jang, Dongsoo

PY - 2020

Y1 - 2020

N2 - Most of the threat modeling approaches do not stipulate when and what types of threats should be identified and modeled in each software development phase. This paper addresses a threat and security modeling approach in software requirements and architecture. The threats to software systems are classified and modeled as input and output, class and message threats in software requirements, and message communication threats in software architecture so that the security countermeasures are modeled and designed against the threats. The modeling of threats and security countermeasures is described by means of the underlying meta-models of software requirements and software architecture models. An online shopping system is used to demonstrate the approach.

AB - Most of the threat modeling approaches do not stipulate when and what types of threats should be identified and modeled in each software development phase. This paper addresses a threat and security modeling approach in software requirements and architecture. The threats to software systems are classified and modeled as input and output, class and message threats in software requirements, and message communication threats in software architecture so that the security countermeasures are modeled and designed against the threats. The modeling of threats and security countermeasures is described by means of the underlying meta-models of software requirements and software architecture models. An online shopping system is used to demonstrate the approach.

KW - Meta-Model

KW - Security Modeling

KW - Software Architecture

KW - Software Requirements

KW - Threat

UR - http://www.scopus.com/inward/record.url?scp=85090506861&partnerID=8YFLogxK

U2 - 10.18293/SEKE2020-055

DO - 10.18293/SEKE2020-055

M3 - Conference contribution

AN - SCOPUS:85090506861

T3 - Proceedings of the International Conference on Software Engineering and Knowledge Engineering, SEKE

SP - 117

EP - 120

BT - SEKE 2020 - Proceedings of the 32nd International Conference on Software Engineering and Knowledge Engineering

PB - Knowledge Systems Institute Graduate School

T2 - 32nd International Conference on Software Engineering and Knowledge Engineering, SEKE 2020

Y2 - 9 July 2020 through 19 July 2020

ER -

Shin M, Pathirage D, Jang D. Threat and security modeling for secure software requirements and architecture. In SEKE 2020 - Proceedings of the 32nd International Conference on Software Engineering and Knowledge Engineering. Knowledge Systems Institute Graduate School. 2020. p. 117-120. (Proceedings of the International Conference on Software Engineering and Knowledge Engineering, SEKE). doi: 10.18293/SEKE2020-055

Threat and security modeling for secure software requirements and architecture

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this