SPARTA: Security &amp; Privacy Architecture Through Risk-Driven Threat Assessment

Sion, Laurens; Landuyt, Dimitri Van; Yskout, Koen; Joosen, Wouter

doi:10.1109/icsa-c.2018.00032

Cited by 31 publications

(29 citation statements)

References 10 publications

(15 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A second analysis of the WebRTC was performed using a different tool as a sanity-check of our results. We compared our results to the results obtained by an Eclipse plugin introduced by Sion et al [16]. The authors identify several threats as less critical.…”

Section: Webrtcmentioning

confidence: 95%

See 1 more Smart Citation

Flaws in Flows: Unveiling Design Flaws via Information Flow Analysis

Tuma

Scandariato

Balliu

2019

2019 IEEE International Conference on Software Architecture (ICSA)

View full text Add to dashboard Cite

This paper presents a practical and formal approach to analyze security-centric information flow policies at the level of the design model. Specifically, we focus on data confidentiality and data integrity objectives. In its guiding principles, the approach is meant to be amenable for designers (e.g., software architects) that have very limited or no background in formal models, logics, and the like. To this aim, we provide an intuitive graphical notation, which is based on the familiar Data Flow Diagrams, and which requires as little effort as possible in terms of extra security-centric information the designer has to provide. The result of the analysis algorithm is the early discovery of design flaws in the form of violations of the intended security properties. The approach is implemented as a publicly available plugin for Eclipse and evaluated with four real-world case studies from publicly available literature.

show abstract

Section: Webrtcmentioning

confidence: 95%

“…Sion et al [16] present an approach for a risk-centric threat analysis of DFDs, which enables threat elicitation and risk analysis. The ability to model security solutions in the form of architectural patterns is useful for a more comprehensive analysis.…”

Section: Related Workmentioning

confidence: 99%

Flaws in Flows: Unveiling Design Flaws via Information Flow Analysis

Tuma

Scandariato

Balliu

2019

2019 IEEE International Conference on Software Architecture (ICSA)

View full text Add to dashboard Cite

show abstract

“…Some authors refer security debt as technical debt containing a security risk [7] or potential security implications [8]. Security engineering techniques (e.g., risk analysis) are used to identify the security debt [6], [8] and security risk in software can be described [7], [11] Technical debt can be a source of security debt [1], [3], [8] Tradeoffs of security and other quality attributes (e.g., performance) might force to assume security debt [5], [14] Organizational Organization policies should prioritize security debt [12], [19] Security awareness and skills are needed to avoid security debt [8], [13] Security debt involves different stakeholders requiring discussions and decision making among them [5], [14] Consequences Business damage: High interest of the debt [8], [9], [12], [14], [16], [21] Interest will be paid mainly when someone exploit the vulnerability [8], [9], [16], [21] Paying the principal of the security debt might require to change processes [16], [19] in terms of technical debt [8], e.g., including the probability attribute to the security debt item to measure the chances that the security-related defect can be actually exploited [5].…”

Section: B Characteristicsmentioning

confidence: 99%

Security Debt: Characteristics, Product Life-Cycle Integration and Items

Martínez

Quintano

Ruíz

et al. 2021

2021 IEEE/ACM International Conference on Technical Debt (TechDebt)

View full text Add to dashboard Cite

Industries from very diverse domains are realising that security should not be treated in a reactive way (e.g., once the cyberattack has happened). This way, security-related requirements and risks need to be continuously managed, and the need of integrating technical measures should be continuously assessed. In some cases, some decisions led, intentionally or unintentionally, to debt related to security aspects. This security debt is thus incurred when limited approaches or solutions are applied to reach the expected security levels of the system in operation. Identifying and making explicit security debt items is a challenge for companies. In this work, we analyse the literature on security debt to provide initial insights on the topic. Concretely, we discuss its definition, identify its most salient characteristics, present approaches for integrating its management in the product life-cycle, and to present categories and examples of security debt items.

show abstract

“…Both methodologies act upon Data Flow Diagrams (DFDs) as system representation, which makes them complementary. The efficiency of their synergy in terms of security and privacy threat modelling is proven by the SPARTA tool introduced in [28]. Since STRIDE and LINDDUN miss on risk assessment [7], SPARTA tries to enrich them with FAIR [13] risk analysis, but it does not provide means for managing variability and providing scoring for system configurations.…”

Section: Identified Gap and Research Questionmentioning

confidence: 99%

Threat and Risk Management Framework for eHealth IoT Applications

Tomashchuk

2020

Proceedings of the 24th ACM International Systems and Software Product Line Conference - Volume B

View full text Add to dashboard Cite

The impact of the Internet of Things (IoT) on the modern industrial and commercial systems is hard to be underestimated. Almost every domain favours from the benefits that IoT brings, and healthcare does not make an exception. This is also clearly demonstrated by a widespread adoption of eHealth systems that often arise from software product lines. Nevertheless, the benefits that IoT brings come together with new threats and risks. An eHealth system that processes many types of sensitive data sets the context for this thesis. Security and privacy gain crucial importance for successful operation and broad user acceptance of the system because of the properties of the data flows that it initiates and operates. However, due to a large number of feature combinations that originate from the software product line nature of the eHealth system in question, a combinatorial explosion of relevant configurations makes reaching security and privacy goals more difficult. Furthermore, another combinatorial explosion of threats and corresponding mitigation strategies for every configuration complicates the situation even further. Nonetheless, configurations that meet specific risk budgets need to be in place. Within this thesis, a new threat and risk management (TRM) framework will be provided. It is based on STRIDE and LINDDUN methodologies, and it will overcome existing limitations by employing components on feature space modelling, risk-driven scoring, configuration decision support, and regulatory compliance. Research outcomes that have been reached so far show promising developments on the vital framework components. CCS CONCEPTS • Security and privacy → Mobile platform security; Data anonymization and sanitization; Usability in security and privacy; Privacy protections; Mobile and wireless security; Information flow control; • Software and its engineering → Software product lines.

show abstract

SPARTA: Security & Privacy Architecture Through Risk-Driven Threat Assessment

Cited by 31 publications

References 10 publications

Flaws in Flows: Unveiling Design Flaws via Information Flow Analysis

Flaws in Flows: Unveiling Design Flaws via Information Flow Analysis

Security Debt: Characteristics, Product Life-Cycle Integration and Items

Threat and Risk Management Framework for eHealth IoT Applications

Contact Info

Product

Resources

About