DocumentCode
2413099
Title
A Rigorous Methodology for Security Architecture Modeling and Verification
Author
Ali, Yussuf ; El-Kassas, S. ; Mahmoud, Mohamed
Author_Institution
American Univ. in Cairo, Cairo
fYear
2009
fDate
5-8 Jan. 2009
Firstpage
1
Lastpage
10
Abstract
This paper introduces a rigorous methodology for utilizing threat modeling in building secure software architectures using SAM (Software Architecture Modeling framework) and verifying them formally using Symbolic Model Checking. Security mitigations are expressed as constraints over a high-level SAM model and are used to refine it into a secure constrained model. We also propose a translation from SAM secure models into the SMV model checker, where the threats and the security properties elicited from the threat modeling process are used as inputs to the verification phase as well. This method is developed with the aim of bridging the gap between informal security requirements and their formal representation and verification.
Keywords
security of data; Software Architecture Modeling framework; Symbolic Model Checking; building secure software architectures; rigorous methodology; security architecture modeling; Application software; Authentication; Availability; Computer security; Data mining; Data security; Humans; Software engineering; Software testing; Software tools;
fLanguage
English
Publisher
ieee
Conference_Titel
System Sciences, 2009. HICSS '09. 42nd Hawaii International Conference on
Conference_Location
Big Island, HI
ISSN
1530-1605
Print_ISBN
978-0-7695-3450-3
Type
conf
DOI
10.1109/HICSS.2009.35
Filename
4755408