自动化架构安全性分析

Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies Pub Date : 2012-06-20 DOI:10.1145/2295136.2295162

A. Schaad, Alexandr Garaga

{"title":"自动化架构安全性分析","authors":"A. Schaad, Alexandr Garaga","doi":"10.1145/2295136.2295162","DOIUrl":null,"url":null,"abstract":"In earlier work [1] we had looked at implementing the Microsoft STRIDE methodology in the context of evaluating security properties of FMC/TAM architectural diagrams. However, a major drawback of this approach is that it requires significant manual work to assess all reported potential threats, as well as identify concrete follow-ups. Equally, it is not possible to analyse an architecture from the perspective of the primary assets that require protection. This led us to two questions:\n a) whether using interaction information in architecture diagrams, supported by additional security semantics, can reduce the scope of analysis as well as partly automate it;\n b) whether using asset-centric and attacker-centric perspectives can complement the software-centric perspective of STRIDE and thus add value to the current threat model.","PeriodicalId":74509,"journal":{"name":"Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies","volume":"15 1","pages":"131-132"},"PeriodicalIF":0.0000,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Automating architectural security analysis\",\"authors\":\"A. Schaad, Alexandr Garaga\",\"doi\":\"10.1145/2295136.2295162\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In earlier work [1] we had looked at implementing the Microsoft STRIDE methodology in the context of evaluating security properties of FMC/TAM architectural diagrams. However, a major drawback of this approach is that it requires significant manual work to assess all reported potential threats, as well as identify concrete follow-ups. Equally, it is not possible to analyse an architecture from the perspective of the primary assets that require protection. This led us to two questions:\\n a) whether using interaction information in architecture diagrams, supported by additional security semantics, can reduce the scope of analysis as well as partly automate it;\\n b) whether using asset-centric and attacker-centric perspectives can complement the software-centric perspective of STRIDE and thus add value to the current threat model.\",\"PeriodicalId\":74509,\"journal\":{\"name\":\"Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies\",\"volume\":\"15 1\",\"pages\":\"131-132\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-06-20\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2295136.2295162\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2295136.2295162","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

摘要

在早期的工作[1]中，我们研究了在评估FMC/TAM架构图的安全属性的背景下实现Microsoft STRIDE方法。然而，这种方法的一个主要缺点是它需要大量的手工工作来评估所有报告的潜在威胁，以及确定具体的后续行动。同样，从需要保护的主要资产的角度分析体系结构是不可能的。这给我们带来了两个问题:a)在架构图中使用交互信息，由额外的安全语义支持，是否可以减少分析的范围，并部分自动化分析;b)使用以资产为中心和以攻击者为中心的视角是否可以补充STRIDE的以软件为中心的视角，从而为当前的威胁模型增加价值。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Automating architectural security analysis

In earlier work [1] we had looked at implementing the Microsoft STRIDE methodology in the context of evaluating security properties of FMC/TAM architectural diagrams. However, a major drawback of this approach is that it requires significant manual work to assess all reported potential threats, as well as identify concrete follow-ups. Equally, it is not possible to analyse an architecture from the perspective of the primary assets that require protection. This led us to two questions: a) whether using interaction information in architecture diagrams, supported by additional security semantics, can reduce the scope of analysis as well as partly automate it; b) whether using asset-centric and attacker-centric perspectives can complement the software-centric perspective of STRIDE and thus add value to the current threat model.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies

自引率

0.00%

发文量