Threat modeling analyzes how an adversary might attack a system by supplying it with malicious data or interacting with it. The analysis uses a Data Flow Diagram (DFD) to describe how data moves through a system. Today, DFDs are represented informally, are reviewed manually with security domain experts, and may not reflect all the entry points in the implementation. We designed an approach to check the conformance of an implementation with its security architecture. We extended Reflexion Models to compare the as-built DFD recovered from the implementation with the as-designed DFD, increasing the automation of the technique and thus its adoptability. We also designed an analysis to assist DFD designers in validating their initial DFDs and detecting common security design flaws in them. An evaluation of the approach on subsystems from production code showed that it can find omitted or outdated information in existing DFDs.

Parts of this work were conducted while the first author was an intern in the Center for Software Excellence at Microsoft. Abi-Antoun's work is supported in part by NSF grant CCF-0546550, DARPA contract HR00110710019, the Department of Defense, and the Software Industry Center at Carnegie Mellon University and its sponsors, especially the Alfred P. Sloan Foundation.
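The reflexion comparison the abstract describes, as an added example that is not the paper's own tool or code: flows of an as-built DFD are lifted through an assumed implementation-to-design mapping onto design-level elements and then split into convergences (in both), divergences (only in the implementation) and absences (only in the design). The node names, the mapping and the single design-flaw rule (untrusted input reaching a process that is not marked as validating it) are constructed for illustration.

```python
# Added example (not the paper's code): reflexion-model comparison of DFDs.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str

@dataclass
class DFD:
    flows: set                                    # set of Flow
    external: set = field(default_factory=set)    # external entities (untrusted input sources)
    validators: set = field(default_factory=set)  # processes assumed to validate their input

def lift(as_built, mapping):
    """Map each implementation-level flow onto the design-level elements it belongs to."""
    lifted = set()
    for f in as_built.flows:
        s, d = mapping.get(f.src), mapping.get(f.dst)
        if s is None or d is None:
            raise ValueError(f"unmapped implementation element in {f}")
        if s != d:  # a flow inside one design element is invisible at the design level
            lifted.add(Flow(s, d))
    return lifted

def reflexion(as_designed, as_built, mapping):
    """Classify flows as convergence, divergence (built only) or absence (design only)."""
    built = lift(as_built, mapping)
    return {"convergence": as_designed.flows & built,
            "divergence": built - as_designed.flows,
            "absence": as_designed.flows - built}

def untrusted_input_without_validation(dfd):
    """Assumed illustrative rule: an external entity feeds a process not marked as a validator."""
    return {f for f in dfd.flows if f.src in dfd.external and f.dst not in dfd.validators}

# Constructed toy system (all names are assumptions, not from the paper).
AS_DESIGNED = DFD(
    flows={Flow("Browser", "WebServer"), Flow("Browser", "UploadService"),
           Flow("WebServer", "Database"), Flow("Database", "WebServer"),
           Flow("WebServer", "Browser")},
    external={"Browser"}, validators={"WebServer"})
AS_BUILT = DFD(flows={Flow("Client", "HttpHandler"), Flow("Client", "UploadSvc"),
                      Flow("HttpHandler", "SqlClient"), Flow("SqlClient", "Pg"),
                      Flow("HttpHandler", "Client"), Flow("HttpHandler", "Logger")})
MAPPING = {"Client": "Browser", "HttpHandler": "WebServer", "SqlClient": "WebServer",
           "UploadSvc": "UploadService", "Pg": "Database", "Logger": "LogService"}

if __name__ == "__main__":
    for kind, flows in reflexion(AS_DESIGNED, AS_BUILT, MAPPING).items():
        print(kind, sorted((f.src, f.dst) for f in flows))
    print("flaws", sorted((f.src, f.dst) for f in untrusted_input_without_validation(AS_DESIGNED)))
```

Running it reports the logging flow the design omitted as a divergence, the database response the implementation lacks as an absence, and the direct browser-to-upload flow as a flaw candidate.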