Integrating Threat Modeling in Secure Agent-Oriented Software Development
Source: International Journal of Software Engineering (IJSE)
Volume: 2, Issue: 3
Publication Date: July / August 2011
ISSN (Online): 2180-1320
Pages: 23 - 36
Author(s):
Published Date: 05-08-2011
Publisher: CSC Journals, Kuala Lumpur, Malaysia
KEYWORDS: Threat Modeling, Secure Tropos, Security Attack Scenarios
This manuscript is indexed in the following databases/websites:
1. Scribd
2. Docstoc
The main objective of this paper is to integrate threat modeling when developing a software application following the Secure Tropos methodology. Secure Tropos is an agent-oriented software development methodology which integrates “security extensions” into all development phases. Threat modeling is used to identify, document, and mitigate security risks; therefore, applying threat modeling when defining the security extensions should lead to better modeling and an increased level of security. After integrating threat modeling into this methodology, security attack scenarios are applied to the models to discuss how the security level of the system has been impacted. Security attack scenarios have been used to test different enhancements made to the Secure Tropos methodology and the Tropos methodology itself. The system modeled using this methodology is an e-Commerce application that will be used to sell handmade products made in Ecuador through the web. The .NET Model-View-Controller framework is used to develop our case study application. Results show that by integrating threat modeling in the development process, the level of security of the modeled application has increased. The different actors, goals, tasks, and security constraints that were introduced based on the proposed integration help mitigate different risks and vulnerabilities.
Ahmed M. Mahdy : Colleagues
Diana M. Rojas : Colleagues