Design Flaws as Security Threats
Ladda ner
Typ
Examensarbete för masterexamen
Master Thesis
Master Thesis
Program
Software engineering and technology (MPSOF), MSc
Publicerad
2017
Författare
Malamas, Kyriakos
Hosseini, Danial
Modellbyggare
Tidskriftstitel
ISSN
Volymtitel
Utgivare
Sammanfattning
Current practices used to evaluate security in the architecture, usually involve threat modeling activities. These activities, however, often require a significant amount of resources, in terms of time and effort, to achieve complete threat coverage. Other approaches focus on identifying design flaws early on and usually involve the definition of a rule set and the creation of detailed models to check against these rules which require a significant amount of effort and expertise. This study proposes a manual approach in the form of a catalog of design flaws along with detection guidelines in order to detect design flaws related to security threats. A descriptive study is conducted to evaluate the effectiveness and productivity of the approach, as well as how the detected flaws can be related to threats identified by STRIDE. Finally, further investigation is done to understand how the approach can complement existing threat modeling techniques.
Beskrivning
Ämne/nyckelord
Data- och informationsvetenskap , Computer and Information Science