MetaSEnD: A Security Enabled Development Life Cycle Meta-Model

Granata, Daniele; Rak, Massimiliano; Salzillo, Giovanni

doi:10.1145/3538969.3544463

Cited by 7 publications

(2 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We found that 23.5% of the studies reviewed focused on the security design. Granat et al [ 13 ] provided an identification technique of security approaches in the development lifecycle, which significantly benefits the developers in reducing the security overheads in the software. For microservice development, implementing security architecture tactics impacts secure communication, identity management, and observability.…”

Section: Resultsmentioning

confidence: 99%

Static-Analysis-Based Solutions to Security Challenges in Cloud-Native Systems: Systematic Mapping Study

Rahaman

Islam

Černý

et al. 2023

Sensors

View full text Add to dashboard Cite

Security is a significant priority for cloud-native systems, regardless of the system size and complexity. Therefore, one must utilize a set of defensive mechanisms or controls to protect the system from exploitation by potential adversaries. There is an expanding amount of research on security issues, including attacks against individual microservices or overall systems and their corresponding defense mechanism options. This study intends to provide a comprehensive overview of currently used defense mechanisms involving static analysis that can detect and react against associated attacks and vulnerabilities. We present a systematic literature review that extracts current approaches for the security analysis of microservices and the violation of security principles. We gathered 1049 relevant publications, of which 50 were selected as primary studies. We are providing practitioners and developers with a structured survey of the existing literature of defensive solutions for microservice architectures and cloud-native systems to aid them in identifying applicable solutions for their systems.

show abstract

Section: Resultsmentioning

confidence: 99%

Static-Analysis-Based Solutions to Security Challenges in Cloud-Native Systems: Systematic Mapping Study

Rahaman

Islam

Černý

et al. 2023

Sensors

View full text Add to dashboard Cite

show abstract

“…Such an approach was tested in different contexts (cloud, IoT) [5]- [7] and enabled an automated risk analysis process [8] based on OWASP risk rating technique [9], in order to calculate the risk (i.e., a probability that a threat may happen) for each threat selected during the threat modelling phase. Risk values are taken into account in the countermeasures selection phase in order to prioritize the security control selection.…”

mentioning

confidence: 99%

Automated Generation of 5G Fine-Grained Threat Models: A Systematic Approach

Granata,

Rak,

Mallouli

2023

IEEE Access

View full text Add to dashboard Cite

Fifth-generation technology standard for broadband cellular networks, 5G, delivers a significant increase in data speeds and capacity, as well as new capabilities such as higher energy efficiency, lower latency, and the ability to connect a large number of devices. These advances come with a new set of security challenges, as 5G networks will be more complex and integrated with critical infrastructure than previous generations. In order to correctly address such challenges there is the need for fine-grained threat models, that collect a set of well-detailed threats, each of them clearly addressing a system component, taking into account how components are connected and interact with each other, the specific technology and/or the protocols are involved. A fine-grained threat model can be used to support the definition of a penetration testing plan or to identify and verify the effectiveness of technical countermeasures. This paper extends an existing automated threat modelling methodology focusing on 5G architecture and defines a process to build in a systematic way the catalogue of threats on which the technique relies. In order to obtain such results, we extended our modelling technique, in order to model 5G architectures, defined a process to extend our methodology to address additional domains and applied the approach to a concrete case study, applying our technique to a common 5G open-source architecture proposed by our industrial partner. The main contribution of this paper can be summarized as follows(I) A technique to systematically produce an extension of our modelling technique and a threat catalogue for a specific Domain, (ii) A 5G systems threat catalogue, (iii) A 5G systems graph-based modelling technique. As an additional result, we validated our approach, applying our technique in a real context and involving industrial experts for the evaluation of the generated fine-grained threat model.

show abstract

Practices and challenges of threat modelling in agile environments

Theurich,

Witt,

Richter

2023

Informatik Spektrum

View full text Add to dashboard Cite

Facing the increasing annual cybersecurity costs, threat modelling (TM) is a method to consider security as early as possible in the software development life cycle (SDLC). Thereby, TM helps to identify and address security-related design flaws in information systems. As the original TM approach is based on sequential development, it is not aligned with today’s predominantly agile environments. This results in several challenges. However, TM’s implementation in an agile development approach lacks the recommendations on how to tackle these challenges. Therefore, we assess the state-of-the-art of TM challenges and practices in agile environments by conducting a literature review covering 220 papers. Thereby, we identify nine categories of challenges and six categories of practices. We propose a valuable artefact for practitioners by mapping challenges and practices to the agile SDLC and by creating a matrix highlighting how the practices address the challenges of TM in an agile environment.

show abstract

MetaSEnD: A Security Enabled Development Life Cycle Meta-Model

Cited by 7 publications

References 14 publications

Static-Analysis-Based Solutions to Security Challenges in Cloud-Native Systems: Systematic Mapping Study

Static-Analysis-Based Solutions to Security Challenges in Cloud-Native Systems: Systematic Mapping Study

Automated Generation of 5G Fine-Grained Threat Models: A Systematic Approach

Practices and challenges of threat modelling in agile environments

Contact Info

Product

Resources

About