DocumentCode :
3370870
Title :
A Unified Threat Model for Assessing Threat in Web Applications
Author :
Li, Xiaohong ; He, Ke
Author_Institution :
Sch. of Comput. Sci. & Technol., Tianjin Univ., Tianjin
fYear :
2008
fDate :
24-26 April 2008
Firstpage :
142
Lastpage :
145
Abstract :
This paper presents a unified threat model for assessing threat in web applications. We extend the threat tree model with more semantic and context information about threat to form the new model which is used to analyze and evaluate threat in the software design stage. We utilize historical statistical information contained in this model to design threat mitigation schemes. The threat assessing results and mitigation schemes can be used to direct secure coding and testing. This makes it possible to design threat-resistant web applications by means of detecting and mitigating threat in the early software design stage.
Keywords :
Internet; security of data; trees (mathematics); Web application; secure coding; software design stage; statistical information; unified threat tree model; Application software; Computer science; Context modeling; Data security; Helium; Information analysis; Information security; Runtime environment; Software design; Testing; Threat Model; secure coding and testing; security software engineering;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Information Security and Assurance, 2008. ISA 2008. International Conference on
Conference_Location :
Busan
Print_ISBN :
978-0-7695-3126-7
Type :
conf
DOI :
10.1109/ISA.2008.47
Filename :
4511551
Link To Document :
https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=3370870
بازگشت