ASTRA : A Security Analysis Method Based on Asset Tracking

Abstract: ASTRA is a security analysis method based on the systematic collection and analysis of security relevant information to detect inconsistencies and assess residual risks. ASTRA can accommodate organizational as well as technical aspects of security and it can be applied to innovative products for which no security data (e.g. vulnerability or attack database) is available. In addition, ASTRA explicitly deals with the notion of responsibility and naturally leads to an iterative refinement approach. This paper pro… Show more

“…One of the main challenges in this area is thus to reconcile the global, encompassing view and the local view. A first attempt to achieve this reconciliation is described in [8] which proposes a semi-formal framework to detect and analyse the vulnerabilities of a product based on different security views. These views make it possible to track the assets in their different locations and identify the responsibilities of the actors involved.…”

“…Preconditions define properties of the environment or configurations of the system which make an attack possible; postconditions characterize the modifications of the state of the system resulting from the attack (or attack step). The main benefit of the approach is to provide a setting for the systematic study of the composition of individual threats (or attack steps) to build larger attacks 8 . It thus contributes to reducing the likelihood of oversights in the consideration of potential attacks based on individual threats.…”

“…A variety of security analysis methods are used in industry but they fall essentially into two categories [10]: commercial methods and standards. Examples of commercial methods include FRAAP [11], STRIDE [17,6], ASTRA [8] and Cigital method [10]. [4] or from national bodies such as SEI (Software Engineering Institute -Carnegie Mellon University) [1] or NIST (National Institute of Standards and Technology) [16].…”

IT Security Analysis Best Practices and Formal Approaches

“…One of the main challenges in this area is thus to reconcile the global, encompassing view and the local view. A first attempt to achieve this reconciliation is described in [8] which proposes a semi-formal framework to detect and analyse the vulnerabilities of a product based on different security views. These views make it possible to track the assets in their different locations and identify the responsibilities of the actors involved.…”

“…Preconditions define properties of the environment or configurations of the system which make an attack possible; postconditions characterize the modifications of the state of the system resulting from the attack (or attack step). The main benefit of the approach is to provide a setting for the systematic study of the composition of individual threats (or attack steps) to build larger attacks 8 . It thus contributes to reducing the likelihood of oversights in the consideration of potential attacks based on individual threats.…”

“…A variety of security analysis methods are used in industry but they fall essentially into two categories [10]: commercial methods and standards. Examples of commercial methods include FRAAP [11], STRIDE [17,6], ASTRA [8] and Cigital method [10]. [4] or from national bodies such as SEI (Software Engineering Institute -Carnegie Mellon University) [1] or NIST (National Institute of Standards and Technology) [16].…”

IT Security Analysis Best Practices and Formal Approaches