Contextualisation of Data Flow Diagrams for security analysis

Data flow diagrams (DFDs) are popular for sketching systems for subsequent threat modelling. Their limited semantics make reasoning about them difficult, but enriching them endangers their simplicity and the ease of take-up that follows from it. We present an approach for reasoning about tainted data flows in design-level DFDs by putting them in context with other complementary usability and requirements models. We illustrate our approach using a pilot study, in which tainted data flows were identified without any augmentations to either the DFD or its complementary models.
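The kind of reasoning the abstract refers to, taint following data flows through a design-level DFD, can be sketched in a few lines. The following is an added illustration, not the paper's tool or method: a small constructed DFD is modelled as a directed graph of data flows, taint enters at an untrusted external entity, and a process is treated as stopping propagation only when it is tagged as validating its input. In the paper's framing that tag would come from a complementary requirements model; here it is simply an assumed set. All node names, flows and the "validating" tag are constructed for the example.

```python
"""Taint propagation over a small design-level data flow diagram (DFD).

Added example, not the paper's method. A DFD is a directed graph whose edges
are data flows (source node, destination node, asset carried). Taint starts on
every flow leaving an untrusted external entity and follows flows through
processes and data stores. A process assumed to validate its input (a fact that
would be supplied by a complementary requirements model) stops propagation.
"""
from collections import defaultdict, deque

# Constructed sample DFD. Node types are recorded so the diagram reads as a DFD;
# only the flows and the two tag sets below matter to the analysis.
NODE_TYPES = {
    "Public user": "entity",         # external entity, untrusted
    "Web front end": "process",
    "Validate request": "process",   # assumed (from a requirement) to validate input
    "Job scheduler": "process",
    "Job store": "datastore",
    "Pump controller": "process",    # sensitive sink in this constructed design
    "Operator": "entity",
}

# Data flows as (src, dst, asset). One flow deliberately bypasses validation.
FLOWS = [
    ("Public user", "Web front end", "request"),
    ("Web front end", "Validate request", "request"),
    ("Validate request", "Job scheduler", "job"),
    ("Web front end", "Job store", "raw job"),        # bypasses "Validate request"
    ("Job store", "Job scheduler", "raw job"),
    ("Job scheduler", "Pump controller", "command"),
    ("Pump controller", "Operator", "status"),
]

UNTRUSTED_SOURCES = {"Public user"}        # assumed: external, not trusted
VALIDATING_PROCESSES = {"Validate request"}  # assumed: requirement says input is checked


def tainted_flows(flows, untrusted, validating):
    """Return the set of flows that can carry tainted data.

    Breadth-first propagation: a flow leaving a node is tainted if any flow
    entering that node is tainted, unless the node is a validating process.
    Data stores never validate, so taint passes straight through them.
    """
    outgoing = defaultdict(list)
    for flow in flows:
        outgoing[flow[0]].append(flow)

    tainted = set()
    queue = deque()
    for src in untrusted:
        for flow in outgoing[src]:
            tainted.add(flow)
            queue.append(flow)

    while queue:
        _, dst, _ = queue.popleft()
        if dst in validating:
            continue  # outputs of a validating process are treated as clean
        for flow in outgoing[dst]:
            if flow not in tainted:
                tainted.add(flow)
                queue.append(flow)
    return tainted


def tainted_inputs_to(node, flows, untrusted, validating):
    """List the tainted flows entering one node, e.g. a sensitive sink."""
    tainted = tainted_flows(flows, untrusted, validating)
    return sorted(f for f in tainted if f[1] == node)


if __name__ == "__main__":
    for src, dst, asset in FLOWS:
        mark = "TAINTED" if (src, dst, asset) in tainted_flows(
            FLOWS, UNTRUSTED_SOURCES, VALIDATING_PROCESSES) else "clean"
        print(f"{src:>18} -> {dst:<18} [{asset}] {mark}")
    print("Tainted inputs to Pump controller:",
          tainted_inputs_to("Pump controller", FLOWS, UNTRUSTED_SOURCES, VALIDATING_PROCESSES))
```

In the constructed diagram the only clean flow is the one leaving "Validate request"; the direct flow into "Job store" lets taint reach the job scheduler and, from there, the pump controller. Removing that bypass flow (or tagging the scheduler as validating, if a requirement justified it) leaves only the two flows between the user and the validator tainted, which is the sort of design-level observation the contextualised DFD is meant to surface.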
