Secure Software Engineering: A Threat-Driven Approach

Software is a major source of security risks. Network-level and operating system-level security approaches (e.g., cryptography, firewalls, and intrusion detection) cannot sufficiently protect software applications from attacks because they lack knowledge of application semantics. While software engineering principles suggest that software security be treated in the early phases of software development, rigorous, well-structured methodologies for engineering secure software remain to be seen.

Our research explores the threat-driven approach to addressing various issues in software security engineering. At the core of this approach is the identification and mitigation of security threats, which are potential misuses and anomalies that violate security goals or policies. Security threats determine where and how to apply security features or assurance techniques. Unlike traditional security modeling and analysis methods, which rely on the formalization of security properties, the threat-driven approach explicitly identifies the behaviors of security threats.

A Perspective on Software Security

  1. Dianxiang Xu, Software Security, Wiley Encyclopedia of Computer Science and Engineering, W. Wah (Editor-In-Chief), Volume 5, pages 2703-2716, John Wiley & Sons, Inc., Hoboken, NJ, January 2009.


Threat Modeling and Verification

  1. Omar El Ariss, Jianfei Wu, Dianxiang Xu. Towards an Enhanced Design Level Security Integrating Attack Trees with Statecharts, Proc. of the 5th IEEE International Conference on Secure Software Integration and Reliability Improvement (SSIRI'11), Jeju Island, South Korea, June 2011.
  2. Omar El Ariss, Dianxiang Xu. Modeling Security Attacks with Statecharts, Proc. of the 2nd International ACM SigSoft Symposium on Architecting Critical Systems (ISARCS 2011), Federated with CompArch 2011, Boulder, Colorado, USA, June 2011.
  3. Jun Kong, Dianxiang Xu, and Xiaoqin Zeng. UML-based Modeling and Analysis of Security Threats. International Journal of Software Engineering and Knowledge Engineering, 20(6):875-897, Sept. 2010. (expanded version of the COMPSAC'08 paper)
  4. Jun Kong and Dianxiang Xu. A UML-based Framework for Design and Analysis of Secure Software, Proc. of the 32nd IEEE Computer Software and Applications Conference (COMPSAC 2008), July 2008, Turku, Finland.
  5. Dianxiang Xu and Kendall E. Nygard. Threat-Driven Modeling and Verification of Secure Software Using Aspect-Oriented Petri Nets. IEEE Transactions on Software Engineering. Vol. 32, No. 4, pp. 265-278, April 2006. (expanded version of the ASE'05 paper)
  6. Dianxiang Xu and Kendall Nygard. A Threat-Driven Approach to Modeling and Verifying Secure Software. Proc. of the 2005 IEEE/ACM International Conference on Automated Software Engineering (ASE 2005), pp. 342-346, November 7-11, 2005. California, USA.


Testing for Security

  1. Dianxiang Xu, Manghui Tu, Michael Sanford, Lijo Thomas, Daniel Woodraska, and Weifeng Xu, Automated Security Test Generation with Formal Threat Models, IEEE Transactions on Dependable and Secure Computing. Vol. 9, No. 4, July/August 2012, pp. 525-539.
  2. Aaron Marback, Hyunsook Do, Ke He, Samuel Kondamarri, Dianxiang Xu, A Threat Model-based Approach to Security Testing, Software: Practice and Experience, Vol. 43, No. 2, pp. 241-258, Feb. 2013.
  3. Lijo Thomas, Weifeng Xu, Dianxiang Xu. Mutation Analysis of Magento for Evaluating Threat Model-Based Security Testing, Proc. of the 3rd IEEE International Workshop on Software Test Automation (STA'11), in conjunction with COMPSAC 2011, Munich, Germany, July 2011.
  4. Michael Sanford, Daniel Woodraska, Dianxiang Xu. Security Analysis of FileZilla Server Using Threat Models. Proc. of the 23rd International Conf. on Software Engineering and Knowledge Engineering (SEKE'11), Miami, July 2011.
  5. Daniel Woodraska, Michael Sanford, Dianxiang Xu, Security Mutation Testing of the FileZilla FTP Server, Proc. of the 26th ACM Symposium on Applied Computing (SAC'11), Software Engineering Track, Taiwan, March 2011.
  6. Aaron Marback, Hyunsook Do, Ke He, Samuel Kondamarri, Dianxiang Xu, Security Test Generation using Threat Trees, Fourth International Workshop on the Automation of Software Test (AST'09), in conjunction with ICSE'09, Vancouver, Canada, May 2009.
  7. Linzhang Wang, W. Eric Wong, and Dianxiang Xu. A Threat Model Driven Approach for Security Testing, The 3rd International Workshop on Software Engineering for Secure Systems (SESS'07), in conjunction with ICSE'07, Minneapolis. May 2007.


Secure Architecture Design

  1. Dianxiang Xu and Joshua Pauli. Threat-Driven Design and Analysis of Secure Software Architectures. Journal of Information Assurance and Security, Vol.1, No. 3, pp. 171-180, 2006.
  2. Joshua Pauli and Dianxiang Xu. Misuse Case-based Analysis of Secure Software Architecture, Proc. of ITCC'05, April 2005.
  3. Joshua Pauli and Dianxiang Xu. Threat-Driven Architectural Design of Secure Information Systems. Proc. of ICEIS'05, Miami, May 2005.


Security Requirements Analysis

  1. Dianxiang Xu, Vivek Goel, Kendall Nygard, and W. Eric Wong. Aspect-Oriented Specification of Threat-Driven Security Requirements, International Journal of Computer Applications in Technology, Special Issue on Concern Oriented Software Evolution. Vol. 31, Nos. 1/2, pp. 131-140, 2008. (expanded version of the COMPSAC'06 paper)
  2. Dianxiang Xu, Vivek Goel, and Kendall Nygard. An Aspect-Oriented Approach to Security Requirements Analysis. Proc. of COMPSAC'06.
  3. Josh Pauli and Dianxiang Xu. Integrating Functional and Security Requirements with Use Case Decomposition. In Proc. of the 11th IEEE International Conference on Engineering of Complex Computer Systems (ICECCS'06), USA, August 2006.
  4. Josh Pauli and Dianxiang Xu. Ensuring Consistent Use/Misuse Case Decomposition for Secure Systems. Proc. of the 18th International Conference on Software Engineering and Knowledge Engineering (SEKE'06), CA., USA, July 2006.
  5. Josh Pauli and Dianxiang Xu. Trade-off Analysis of Misuse Case-based Secure Software Architectures: A Case Study. In Proc. of the 3rd International Workshop on Modeling, Simulation, Verification and Validation of Enterprise Information Systems (MSVVEIS'05).