ABSTRACT
Few attempts have been made at defining a formal and traceable relationship for integrating security into all phases of analysis, modeling, and verification of software systems. In this paper, we propose a rigorous methodology for using threat modeling to build secure software architectures with SAM (the Software Architecture Modeling framework) and for verifying them formally using symbolic model checking. Security mitigations suggested by the threat model are expressed as constraints over a high-level SAM model and are used to refine it into a secure, constrained model. We also propose a translation from SAM secure models into the SMV model checker, where the threats and the security properties elicited during threat modeling serve as inputs to the verification phase as well. The method is developed with the aim of bridging the gap between informal security requirements and their formal representation and verification.
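The pipeline the abstract describes (a threat becomes a property to check, a mitigation becomes a constraint that refines the architecture model, and the refined model is handed to a model checker) is illustrated below with an added example that is not the paper's own code, SAM model, or SMV translation. It uses a constructed client/service architecture and a breadth-first reachability check standing in for SMV's symbolic (BDD-based) checking of an AG invariant; the scenario, variable names, and transition labels are all assumptions made for the illustration.

```python
"""Threat-driven refinement of an architecture model, checked by reachability.

Added example, not from the paper: states are assignments to architecture
variables, an invariant is derived from a threat, and the mitigation is a guard
that filters the model's transitions. The scenario is constructed.
"""
from collections import deque
from typing import Callable, Dict, List, Optional, Tuple

# A state is a hashable, sorted tuple of (variable, value) pairs.
State = Tuple[Tuple[str, object], ...]
Transition = Tuple[str, Callable[[State], Optional[State]]]   # (label, partial step)
Guard = Callable[[str, State, State], bool]                   # (label, src, dst) -> allowed?


def mk(**assign) -> State:
    """Build a state from variable assignments."""
    return tuple(sorted(assign.items()))


def upd(s: State, **assign) -> State:
    """Copy of s with some variables reassigned."""
    d = dict(s)
    d.update(assign)
    return mk(**d)


def loc(s: State) -> str:
    return dict(s)["loc"]


def authn(s: State) -> bool:
    return dict(s)["authn"]


class Model:
    """A high-level architecture model as a labelled transition system."""

    def __init__(self, init: State, transitions: List[Transition]):
        self.init = init
        self.transitions = transitions

    def successors(self, s: State):
        for label, step in self.transitions:
            t = step(s)
            if t is not None:
                yield label, t

    def constrain(self, guard: Guard) -> "Model":
        """Refine the model: a step survives only where the mitigation guard allows it."""
        def wrap(label: str, step):
            def guarded(s: State) -> Optional[State]:
                t = step(s)
                return t if t is not None and guard(label, s, t) else None
            return guarded
        return Model(self.init, [(lbl, wrap(lbl, f)) for lbl, f in self.transitions])


def check_invariant(model: Model, inv: Callable[[State], bool]) -> Optional[List[str]]:
    """Explicit-state stand-in for AG inv: None if every reachable state satisfies
    inv, otherwise the shortest labelled path from the initial state to a violation."""
    parent: Dict[State, Optional[Tuple[State, str]]] = {model.init: None}
    queue = deque([model.init])
    while queue:
        s = queue.popleft()
        if not inv(s):
            path: List[str] = []
            cur = s
            while parent[cur] is not None:
                prev, label = parent[cur]
                path.append(label)
                cur = prev
            return list(reversed(path))
        for label, t in model.successors(s):
            if t not in parent:
                parent[t] = (s, label)
                queue.append(t)
    return None


# Constructed high-level model (an assumption, not the paper's): a request arrives,
# may pass through an authenticator, and is then served. "serve_direct" is a
# connector that hands a request to the resource without authentication.
ARCH = Model(
    init=mk(loc="idle", authn=False),
    transitions=[
        ("request",      lambda s: upd(s, loc="requested") if loc(s) == "idle" else None),
        ("authenticate", lambda s: upd(s, loc="authenticated", authn=True) if loc(s) == "requested" else None),
        ("serve_auth",   lambda s: upd(s, loc="serving") if loc(s) == "authenticated" else None),
        ("serve_direct", lambda s: upd(s, loc="serving") if loc(s) == "requested" else None),
        ("done",         lambda s: upd(s, loc="idle", authn=False) if loc(s) == "serving" else None),
    ],
)


def no_unauthenticated_access(s: State) -> bool:
    """Threat 'resource reached by an unauthenticated principal', elicited as the
    invariant AG (loc = serving -> authn)."""
    return loc(s) != "serving" or authn(s)


def mitigation(label: str, src: State, dst: State) -> bool:
    """Mitigation from the threat model as a constraint over the architecture:
    any step that enters the resource must start from an authenticated state."""
    return loc(dst) != "serving" or authn(src)


SECURE_ARCH = ARCH.constrain(mitigation)


def resource_still_reachable(model: Model) -> bool:
    """Sanity check that the constraint did not simply make the resource unusable."""
    return check_invariant(model, lambda s: loc(s) != "serving") is not None


if __name__ == "__main__":
    print("high-level model, counterexample:", check_invariant(ARCH, no_unauthenticated_access))
    print("constrained model, counterexample:", check_invariant(SECURE_ARCH, no_unauthenticated_access))
    print("constrained model still serves requests:", resource_still_reachable(SECURE_ARCH))
```

The unconstrained model yields the trace request, serve_direct as a witness for the threat; after the mitigation guard is applied, no reachable state violates the invariant, while the resource remains reachable through authenticate and serve_auth. In the paper's setting the same three ingredients (model, property, constraint) are expressed in SAM and SMV rather than in Python, and SMV explores the state space symbolically instead of state by state.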
Supplemental Material
Slide presentation for "A rigorous methodology for security architecture modeling and verification"
A Rigorous Methodology for Security Architecture Modeling and Verification
Published in HICSS '09: Proceedings of the 42nd Hawaii International Conference on System Sciences