Automatically Extracting Threats from Extended Data Flow Diagrams

Architectural risk analysis is an important aspect of developing software that is free of security flaws. Knowledge of architectural flaws, however, is sparse, in particular in small and medium-sized enterprises. In this paper, we propose a practical approach to architectural risk analysis that leverages Microsoft's threat modeling. Our technique decouples the creation of a system's architecture from the process of detecting and collecting architectural flaws. This way, our approach allows a software architect to automatically detect vulnerabilities in software architectures by using a security knowledge base. We evaluated our approach with real-world case studies, focusing on logistics applications. The evaluation uncovered several flaws with a major impact on the security of the software.
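The detection step the abstract describes, as an added illustration that is not the paper's tool or its knowledge base: an extended data flow diagram whose elements and flows carry security attributes, and a rule-based knowledge base that is matched against the diagram and reports threats in the STRIDE categories used by Microsoft's threat modeling. The element kinds, the attribute names (encrypted, authenticated, validates_input, confidential, encrypted_at_rest, audit_log), the rules KB-1 to KB-5 and the sample logistics diagram are all assumptions made for this example.

```python
"""Added example: rule-based threat detection over an extended DFD.
Not the paper's tool; element kinds, attributes and rules are assumed."""
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class Element:
    name: str
    kind: str            # assumed kinds: "external", "process", "store"
    zone: str            # trust zone; a flow between zones crosses a boundary
    attrs: set = field(default_factory=set)

@dataclass
class Flow:
    src: str
    dst: str
    data: str
    attrs: set = field(default_factory=set)   # e.g. "encrypted", "authenticated"

@dataclass
class Threat:
    rule: str
    stride: str
    where: str
    why: str

class DFD:
    """The architect's model, built independently of any threat rule."""
    def __init__(self):
        self.elements, self.flows = {}, []
    def add(self, name, kind, zone, *attrs):
        self.elements[name] = Element(name, kind, zone, set(attrs))
        return self
    def connect(self, src, dst, data, *attrs):
        self.flows.append(Flow(src, dst, data, set(attrs)))
        return self
    def crosses_boundary(self, f):
        return self.elements[f.src].zone != self.elements[f.dst].zone

@dataclass
class Rule:
    rule_id: str
    stride: str
    scope: str           # "flow": match(dfd, flow); "element": match(dfd, element)
    why: str
    match: Callable

# Assumed knowledge base; in practice this is maintained by security experts
# and grows without the architect touching the diagram.
KNOWLEDGE_BASE = [
    Rule("KB-1", "Information disclosure", "flow",
         "crosses a trust boundary without transport encryption",
         lambda d, f: d.crosses_boundary(f) and "encrypted" not in f.attrs),
    Rule("KB-2", "Spoofing", "flow",
         "reaches a process from an external entity without authentication",
         lambda d, f: (d.elements[f.src].kind == "external"
                       and d.elements[f.dst].kind == "process"
                       and "authenticated" not in f.attrs)),
    Rule("KB-3", "Tampering", "flow",
         "external input reaches a process that does not validate its input",
         lambda d, f: (d.elements[f.src].kind == "external"
                       and d.elements[f.dst].kind == "process"
                       and "validates_input" not in d.elements[f.dst].attrs)),
    Rule("KB-4", "Information disclosure", "element",
         "store holds confidential data without encryption at rest",
         lambda d, e: (e.kind == "store" and "confidential" in e.attrs
                       and "encrypted_at_rest" not in e.attrs)),
]

def analyze(dfd, rules=KNOWLEDGE_BASE):
    """Apply every rule to every flow or element it is scoped to."""
    found = []
    for r in rules:
        targets = dfd.flows if r.scope == "flow" else list(dfd.elements.values())
        for t in targets:
            if r.match(dfd, t):
                where = f"{t.src} -> {t.dst} [{t.data}]" if r.scope == "flow" else t.name
                found.append(Threat(r.rule_id, r.stride, where, r.why))
    return found

def sample_logistics_dfd():
    """Constructed sample diagram (not one of the paper's case studies)."""
    return (DFD()
        .add("Carrier Portal", "external", "internet")
        .add("Shipment Service", "process", "dmz", "validates_input")
        .add("Warehouse Scanner", "external", "warehouse")
        .add("Tracking DB", "store", "internal", "confidential")
        .connect("Carrier Portal", "Shipment Service", "shipment order", "encrypted")
        .connect("Warehouse Scanner", "Shipment Service", "scan event", "authenticated")
        .connect("Shipment Service", "Tracking DB", "tracking record")
        .connect("Tracking DB", "Shipment Service", "tracking record", "encrypted"))

if __name__ == "__main__":
    dfd = sample_logistics_dfd()
    for t in analyze(dfd):
        print(f"{t.rule} {t.stride}: {t.where}: {t.why}")
    # Extending the knowledge base needs no change to the diagram.
    extra = Rule("KB-5", "Repudiation", "element", "process keeps no audit log",
                 lambda d, e: e.kind == "process" and "audit_log" not in e.attrs)
    print(len(analyze(dfd, KNOWLEDGE_BASE + [extra])), "threats with KB-5 added")
```

On the constructed diagram, KB-1 fires twice (the scanner feed and the write to the tracking store both cross a zone unencrypted), KB-2 fires on the unauthenticated carrier order, and KB-4 fires on the store; adding KB-5 at analysis time finds a fifth threat without the architect editing the model, which is the decoupling the abstract describes.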
