Internet Archive Scholar

A rigorous methodology for security architecture modeling and verification

Yomna Ali, Sherif El-Kassas
2008 Proceedings of the 4th annual workshop on Cyber security and informaiton intelligence research developing strategies to meet the cyber security and information intelligence challenges ahead - CSIIRW '08  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (576.2 kB)
https://web.archive.org/web/20170818220729/https://www.computer.org/csdl/proceedings/hicss/2009/3450/00/02-01-02.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL. The file type is application/pdf.

This paper introduces a rigorous methodology for utilizing threat modeling in building secure software architectures using SAM (Software Architecture Modeling framework) and verifying them formally using Symbolic Model Checking. Security mitigations are expressed as constraints over a high-level SAM model and are used to refine it into a secure constrained model. We also, propose a translation from SAM Secure models into the SMV model checker where the threats and the elicited security
more » ... s from the threat modeling process are used as inputs to the verification phase as well. This method is developed with the aim of bridging the gap between informal security requirements and their formal representation and verification.
doi:10.1145/1413140.1413155 fatcat:6mitxpphkrgedhbnkzqbs3swsy
Citation

Yomna Ali, Sherif El-Kassas. "A rigorous methodology for security architecture modeling and verification." Proceedings of the 4th annual workshop on Cyber security and informaiton intelligence research developing strategies to meet the cyber security and information intelligence challenges ahead - CSIIRW '08 (2008)