Abstract |
---|
To improve the security of computer systems, information, and the cyber space, it is critical to engineer more secure software. To develop secure and reliable software, software developers need to have the mindset of an attacker. Attack patterns such as CAPEC are valuable resources to help software developers to think like an attacker and have the potential to be used in each phase of the secure software development life cycle. However, systematic processes or methods for utilizing existing attack pattern resources are needed. As a first step, this paper describes our ongoing effort of developing a tool to retrieve relevant CAPEC attack patterns for software development. This tool can retrieve attack patterns most relevant to a particular STRIDE type, as well as most useful to the software being developed. It can be used in conjunction with the Microsoft SDL threat modeling tool. It also allows developers to search for CAPEC attack patterns using keywords. |

Year | DOI | Venue |
---|---|---|
2014 | 10.1145/2602087.2602092 | CISR |

Keywords | Field | DocType |
---|---|---|
algorithms, security, capec, secure software engineering, secure software development, stride, protection mechanisms, attack pattern | Attack patterns, Computer science, Threat model, Computer security, Package development process, Software, Systems development life cycle, Software construction, Software verification and validation, Software development | Conference |

Citations | PageRank | References |
---|---|---|
3 | 0.51 | 3 |

Authors |
---|
4 |

Name | Order | Citations | PageRank |
---|---|---|---|
Xiaohong Yuan | 1 | 169 | 26.72 |
Emmanuel Borkor Nuakoh | 2 | 6 | 0.98 |
Jodria S. Beal | 3 | 3 | 0.51 |
Huiming Yu | 4 | 65 | 14.25 |