
Automatically Extracting Threats from Extended Data Flow Diagrams

  • Conference paper
In: Engineering Secure Software and Systems (ESSoS 2016)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9639)

Abstract

Architectural risk analysis is an important aspect of developing software that is free of security flaws. Knowledge of architectural flaws, however, is sparse, in particular in small or medium-sized enterprises. In this paper, we propose a practical approach to architectural risk analysis that leverages Microsoft’s threat modeling. Our technique decouples the creation of a system’s architecture from the process of detecting and collecting architectural flaws. This way, our approach allows a software architect to automatically detect vulnerabilities in software architectures by using a security knowledge base. We evaluated our approach with real-world case studies, focusing on logistics applications. The evaluation uncovered several flaws with a major impact on the security of the software.
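The following is an added illustration, not code from the paper or its tool, of the idea the abstract describes: an extended data flow diagram annotated with trust zones and flow properties is matched against a separate knowledge base of rules, each tagged with a CWE identifier from the appendix. The rule encoding (property sets on elements and flows, predicate per rule) and the logistics diagram are assumptions constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass
class Element:
    name: str
    kind: str                      # "process", "store" or "external"
    zone: str                      # trust zone the element belongs to
    props: set = field(default_factory=set)   # e.g. "sensitive", "authenticates"

@dataclass
class Flow:
    src: str
    dst: str
    props: set = field(default_factory=set)   # e.g. "sensitive", "encrypted", "critical"

def crosses_boundary(elems, f):
    return elems[f.src].zone != elems[f.dst].zone

# Knowledge base: (CWE id, scope, predicate). Hypothetical encoding, not the paper's.
KNOWLEDGE_BASE = [
    # CWE-319: sensitive data leaves its trust zone on an unencrypted flow
    ("CWE-319", "flow", lambda e, f: "sensitive" in f.props
        and "encrypted" not in f.props and crosses_boundary(e, f)),
    # CWE-306: an external entity reaches a critical function of an unauthenticating process
    ("CWE-306", "flow", lambda e, f: e[f.src].kind == "external"
        and "critical" in f.props and "authenticates" not in e[f.dst].props),
    # CWE-311: sensitive data at rest in a store that does not encrypt it
    ("CWE-311", "element", lambda e, x: x.kind == "store"
        and "sensitive" in x.props and "encrypted" not in x.props),
]

def analyse(elems, flows):
    """Match every rule against the diagram; return (CWE id, location) pairs."""
    findings = []
    for cwe, scope, pred in KNOWLEDGE_BASE:
        if scope == "flow":
            findings += [(cwe, f"{f.src}->{f.dst}") for f in flows if pred(elems, f)]
        else:
            findings += [(cwe, x.name) for x in elems.values() if pred(elems, x)]
    return findings

def example_findings():
    """Constructed logistics DFD: a driver app talks to a dispatch API backed by a DB."""
    elems = {x.name: x for x in [
        Element("Driver App", "external", "field"),
        Element("Dispatch API", "process", "datacenter"),
        Element("Tracking DB", "store", "datacenter", {"sensitive"}),
    ]}
    flows = [
        Flow("Driver App", "Dispatch API", {"sensitive", "critical"}),
        Flow("Dispatch API", "Tracking DB", {"sensitive"}),
    ]
    return analyse(elems, flows)

if __name__ == "__main__":
    for cwe, where in example_findings():
        print(f"{cwe}: {where}")
```

Because the rules live outside the diagram, the same knowledge base can be re-run unchanged against every revision of the architecture, which is the decoupling the abstract refers to.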


Notes

  1. For the sake of presentation, we only give the complete names of CWE as well as CAPEC entries in the appendix.


Acknowledgement

This work was supported by the German Federal Ministry of Education and Research (BMBF) under the grant 16KIS0069K (ZertApps project).

Author information

Corresponding author: Bernhard J. Berger

Appendix A: CWE and CAPEC Rules

  1. CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
  2. CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
  3. CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
  4. CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
  5. CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)
  6. CWE-134: Uncontrolled Format String
  7. CWE-190: Integer Overflow or Wraparound
  8. CWE-288: Authentication Bypass Using an Alternate Path or Channel
  9. CWE-306: Missing Authentication for Critical Function
  10. CWE-311: Missing Encryption of Sensitive Data
  11. CWE-319: Cleartext Transmission of Sensitive Information
  12. CWE-327: Use of a Broken or Risky Cryptographic Algorithm
  13. CWE-352: Cross-Site Request Forgery (CSRF)
  14. CWE-602: Client-Side Enforcement of Server-Side Security
  15. CWE-759: Use of a One-Way Hash without a Salt
  16. CAPEC-16: Dictionary-based Password Attack
  17. CAPEC-22: Exploiting Trust in Client (aka Make the Client Invisible)
  18. CAPEC-66: SQL Injection
  19. CAPEC-94: Man in the Middle Attack
  20. CAPEC-108: Command Line Execution through SQL Injection


Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Berger, B.J., Sohr, K., Koschke, R. (2016). Automatically Extracting Threats from Extended Data Flow Diagrams. In: Caballero, J., Bodden, E., Athanasopoulos, E. (eds) Engineering Secure Software and Systems. ESSoS 2016. Lecture Notes in Computer Science(), vol 9639. Springer, Cham. https://doi.org/10.1007/978-3-319-30806-7_4


  • DOI: https://doi.org/10.1007/978-3-319-30806-7_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-30805-0

  • Online ISBN: 978-3-319-30806-7

  • eBook Packages: Computer Science (R0)