In English

Design Flaws as Security Threats

Kyriakos Malamas ; Danial Hosseini
Göteborg : Chalmers tekniska högskola, 2017. 120 s.
[Examensarbete på avancerad nivå]

Current practices used to evaluate security in the architecture, usually involve threat modeling activities. These activities, however, often require a significant amount of resources, in terms of time and effort, to achieve complete threat coverage. Other approaches focus on identifying design flaws early on and usually involve the definition of a rule set and the creation of detailed models to check against these rules which require a significant amount of effort and expertise. This study proposes a manual approach in the form of a catalog of design flaws along with detection guidelines in order to detect design flaws related to security threats. A descriptive study is conducted to evaluate the effectiveness and productivity of the approach, as well as how the detected flaws can be related to threats identified by STRIDE. Finally, further investigation is done to understand how the approach can complement existing threat modeling techniques.

Nyckelord: Catalog of design flaws, Design flaws, Security, Secure architecture,Threat modeling



Publikationen registrerades 2017-06-29. Den ändrades senast 2017-06-29

CPL ID: 250250

Detta är en tjänst från Chalmers bibliotek