Software Engineering: A Threat-Driven Approach
Software is a major source of security risks. Adequately protecting software applications from attacks is beyond the capabilities of network-level and operating-system-level security mechanisms (e.g. cryptography, firewalls, and intrusion detection, to name a few) because they lack knowledge of application semantics. While software engineering principles suggest that security be addressed in the early phases of software development, rigorous, well-structured methodologies for engineering secure software remain to be seen.
Our research explores a threat-driven approach to addressing the various issues of software security engineering. At the core of this approach is the identification and mitigation of security threats: potential misuses and anomalies that violate security goals or policies. Security threats determine where and how to apply security features or assurance techniques. Unlike traditional security modeling and analysis methods, which rely on the formalization of security properties, the threat-driven approach explicitly identifies the behaviors of
A Perspective on Software Security
- Dianxiang Xu. Software Security. Wiley Encyclopedia of Computer Science and Engineering, W. Wah (Editor-in-Chief), Volume 5, pages 2703-2716, John Wiley & Sons, Inc., Hoboken, NJ, January 2009.
Modeling and Verification
- Omar El Ariss, Jianfei Wu, Dianxiang Xu. Towards an Enhanced Design Level Security Integrating Attack Trees with Statecharts. Proc. of the 5th IEEE International Conference on Secure Software Integration and Reliability Improvement (SSIRI'11), Jeju Island, South Korea, June 2011.
- Omar El Ariss, Dianxiang Xu. Modeling Security Attacks with Statecharts. Proc. of the 2nd International ACM SIGSOFT Symposium on Architecting Critical Systems (ISARCS 2011), Federated with CompArch 2011, Boulder, Colorado, USA.
- Jun Kong, Dianxiang Xu, and Xiaoqin Zeng. UML-based Modeling and Analysis of Security Threats. International Journal of Software Engineering and Knowledge Engineering, 20(6):875-897, Sept. 2010. (expanded version of the COMPSAC'08 paper)
- Jun Kong and Dianxiang Xu. A UML-based Framework for Design and Analysis of Secure Software. Proc. of the 32nd IEEE Computer Software and Applications Conference (COMPSAC 2008), July 2008, Turku.
- Dianxiang Xu and Kendall E. Nygard. Threat-Driven Modeling and Verification of Secure Software Using Aspect-Oriented Petri Nets. IEEE Transactions on Software Engineering, Vol. 32, No. 4, pp. 265-278, April 2006. (expanded version of the ASE'05 paper)
- Dianxiang Xu and Kendall Nygard. A Threat-Driven Approach to Modeling and Verifying Secure Software. Proc. of the 2005 IEEE/ACM International Conference on Automated Software Engineering (ASE 2005), pp. 342-346, November 7-11, 2005, California, USA.
Testing for Security
- Dianxiang Xu, Manghui Tu, Michael Sanford, Lijo Thomas, Daniel Woodraska, and Weifeng Xu. Automated Security Test Generation with Formal Threat Models. IEEE Transactions on Dependable and Secure Computing, Vol. 9, No. 4, July/August 2012, pp. 525-539.
- Aaron Marback, Hyunsook Do, Ke He, Samuel Kondamarri, Dianxiang Xu. A Threat Model-based Approach to Security Testing. Software: Practice and Experience, Vol. 43, No. 2, pp. 241-258, Feb. 2013.
- Lijo Thomas, Weifeng Xu, Dianxiang Xu. Mutation Analysis of Magento for Evaluating Threat Model-Based Security Testing. Proc. of the 3rd IEEE International Workshop on Software Test Automation (STA'11), in conjunction with COMPSAC 2011, Munich, Germany, July.
- Michael Sanford, Daniel Woodraska, Dianxiang Xu. Security Analysis of FileZilla Server Using Threat Models. Proc. of the 23rd International Conf. on Software Engineering and Knowledge Engineering (SEKE'11), Miami, July 2011.
- Woodraska, Michael Sanford, Dianxiang Xu. Security Mutation Testing of the FileZilla FTP Server. Proc. of the 26th ACM Symposium on Applied Computing (SAC'11), Software Engineering Track, Taiwan, March 2011.
- Marback, Hyunsook Do, Ke He, Samuel Kondamarri, Dianxiang Xu. Security Test Generation using Threat Trees. Fourth International Workshop on the Automation of Software Test (AST'09), in conjunction with ICSE'09, Vancouver, Canada, May 2009.
- Linzhang Wang, W. Eric Wong, and Xu. A Threat Model Driven Approach for Security Testing. The 3rd International Workshop on Software Engineering for Secure Systems (SESS'07), in conjunction with ICSE'07, Minneapolis, May.
- Dianxiang Xu and Joshua Pauli. Threat-Driven Design and Analysis of Secure Software Architectures. Journal of Information Assurance and Security, Vol. 1, No. 3, pp. 171-180, 2006.
- Joshua Pauli and Dianxiang Xu. Misuse Case-based Analysis of Secure Software Architecture. Proc. of ITCC'05, April 2005.
- Joshua Pauli and Dianxiang Xu. Threat-Driven Architectural Design of Secure Information Systems. Proc. of ICEIS'05, Miami, May 2005.
- Dianxiang Xu, Vivek Goel, Kendall Nygard, and W. Eric Wong. Aspect-Oriented Specification of Threat-Driven Security Requirements. International Journal of Computer Applications in Technology, Special Issue on Concern Oriented Software Evolution, Vol. 31, Nos. 1/2, pp. 131-140, 2008. (expanded version of the COMPSAC'06 paper)
- Dianxiang Xu, Vivek Goel, and Kendall Nygard. An Aspect-Oriented Approach to Security Requirements Analysis. Proc. of COMPSAC'06.
- Josh Pauli and Dianxiang Xu. Integrating Functional and Security Requirements with Use Case Decomposition. In Proc. of the 11th IEEE International Conference on Engineering of Complex Computer Systems (ICECCS'06), USA, August 2006.
- Josh Pauli and Dianxiang Xu. Ensuring Consistent Use/Misuse Case Decomposition for Secure Systems. Proc. of the 18th International Conference on Software Engineering and Knowledge Engineering (SEKE'06), CA, USA, July 2006.
- Josh Pauli and Dianxiang Xu. Trade-off Analysis of Misuse Case-based Secure Software Architectures: A Case Study. In Proc. of the 3rd International Workshop on Modeling, Simulation, Verification and Validation of Enterprise Information Systems (MSVVEIS'05).