Realizing the Potential of Attack Patterns for Secure Software Development

A critical challenge in secure cyberspace is engineering more secure software. To address this challenge, it is important to integrate security-related activities and deliverables to each of the phases of software development life cycle (SDLC). To develop secure software, software developers need to think like an attacker. Attack patterns are a mechanism that captures the attacker’s perspective, and approaches used by attackers to generate exploits against software. Attack patterns have the potential to be used in each phase of SDLC. We propose to realize the potential of attack patterns for secure software development by developing methods and tools for using the attack patterns in the Common Attack Pattern Enumeration and Classification (CAPEC) library in the requirements, design and testing phases of SDLC.

[1]  Noopur Davis,et al.  in Practice: A Summary of Recent Results , 2003 .

[2]  Gary McGraw,et al.  Exploiting Software: How to Break Code , 2004 .

[3]  Michael Howard,et al.  The security development lifecycle : SDL, a process for developing demonstrably more secure software , 2006 .

[4]  Joshua J. Pauli,et al.  Hierarchy-Driven Approach for Attack Patterns in Software Security Education , 2008, Fifth International Conference on Information Technology: New Generations (itng 2008).

[5]  Joshua J. Pauli,et al.  Towards a Specification Prototype for Hierarchy-Driven Attack Patterns , 2008, Fifth International Conference on Information Technology: New Generations (itng 2008).