A Reuse-Based Approach to Determining Security Requirements
نویسندگان
چکیده
The paper proposes a reuse-based approach to determining security requirements. Development for reuse involves identifying security threats and associated security requirements during application development and abstracting them into a repository of generic threats and requirements. Development with reuse involves identifying security assets, setting security goals for each asset, identifying threats to each goal, analysing risks and determining security requirements, based on reuse of generic threats and requirements from the repository. Advantages of the proposed approach include building and managing security knowledge through the shared repository, assuring the quality of security work by reuse, avoiding over-specification and premature design decisions by reuse at the generic level and focussing on security early in the requirements stage of development.
منابع مشابه
A Security Requirements Approach for Web Systems
In order to avoid the high impacts of software vulnerabilities, it is necessary to specify security requirements early in the development on a detailed level. Current approaches for security requirements engineering give insufficient support for refining high-level requirements to a concrete and assessable level. Furthermore, reuse mechanisms for these detailed requirements are missing. This pa...
متن کاملDwarf Frankenstein is still in your memory: tiny code reuse attacks
Code reuse attacks such as return oriented programming and jump oriented programming are the most popular exploitation methods among attackers. A large number of practical and non-practical defenses are proposed that differ in their overhead, the source code requirement, detection rate and implementation dependencies. However, a usual aspect among these methods is consideration of the common be...
متن کاملA Reuse-Based Approach to Security Requirements Engineering
The paper presents a reuse-based approach to the modeling, specification and analysis of application-specific security requirements. The method is based on a goaloriented framework that addresses malicious goals (called anti-goals) set up by attackers to threaten security goals. Threat tree fragments are built systematically through specializations of attack patterns. Attack patterns abstract a...
متن کاملAggrandizing the beast's limbs: patulous code reuse attack on ARM architecture
Since smartphones are usually personal devices full of private information, they are a popular target for a vast variety of real-world attacks such as Code Reuse Attack (CRA). CRAs enable attackers to execute any arbitrary algorithm on a device without injecting an executable code. Since the standard platform for mobile devices is ARM architecture, we concentrate on available ARM-based CRAs. Cu...
متن کاملAttack Patterns for Security Requirements Engineering
The importance of security concerns at requirements engineering time is increasingly recognized. However, little support is available to help requirements engineers elaborate adequate, consistent, and complete security requirements. The paper presents a reuse-based approach for modeling, specifying, and analyzing application-specific security requirements. The method is based on a goal-oriented...
متن کامل