Laurens Sion, Katja Tuma, R. Scandariato, Koen Yskout, W. Joosen
{"title":"Towards Automated Security Design Flaw Detection","authors":"Laurens Sion, Katja Tuma, R. Scandariato, Koen Yskout, W. Joosen","doi":"10.1109/ASEW.2019.00028","DOIUrl":null,"url":null,"abstract":"Efficiency of security-by-design has become an important goal for organizations implementing software engineering practices such as Agile, DevOps, and Continuous Integration. Software architectures are (often manually) analyzed at design time for potential security design flaws, based on natural language descriptions of security weaknesses (e.g., CWE, CAPEC). The use of natural language hinders the application of such knowledge bases in an automated fashion. In this paper, we analyze an existing catalog of 19 security design flaws in order to identify conceptual, technology-independent requirements on architectural models that enable automatically detecting these flaws. This constitutes the first step towards automated assessment of design-level security. Our findings are illustrated on an IoT-based smart home system.","PeriodicalId":277020,"journal":{"name":"2019 34th IEEE/ACM International Conference on Automated Software Engineering Workshop (ASEW)","volume":"62 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 34th IEEE/ACM International Conference on Automated Software Engineering Workshop (ASEW)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ASEW.2019.00028","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 7
Abstract
Efficiency of security-by-design has become an important goal for organizations implementing software engineering practices such as Agile, DevOps, and Continuous Integration. Software architectures are (often manually) analyzed at design time for potential security design flaws, based on natural language descriptions of security weaknesses (e.g., CWE, CAPEC). The use of natural language hinders the application of such knowledge bases in an automated fashion. In this paper, we analyze an existing catalog of 19 security design flaws in order to identify conceptual, technology-independent requirements on architectural models that enable automatically detecting these flaws. This constitutes the first step towards automated assessment of design-level security. Our findings are illustrated on an IoT-based smart home system.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
