A risk-centric defensive architecture for threat modelling in e-government application

Software engineering plays a vital role in improving the security of e-government. Several risks arise during application development for an e-government. Those risks are analysed with threat modelling methodology, which is defined as the process of understanding and addressing the threats to an application. Threat modelling is used to determine security controls and countermeasures for the attacks targeting it. This paper describes an approach to identify how far an attack penetrates the risk layers and how the model defends against an attacker in e-government systems. The relevant attacks are retrieved from attack pattern information gathered from MITRE's Common Attack Pattern Enumeration and Classification (CAPEC) security source. This architecture dynamically identifies the risk severity and prioritises the risk in a single step. An attack pattern is applied to the risk-centric defensive architecture model to identify threat severity, and it is also prioritised based on its impact. We validate the risk-centric defensive architecture model by implementing it in a tool based on data flow diagrams (DFDs), from the Microsoft security development methodology.
