  • DocumentCode
    3370870
  • Title
    A Unified Threat Model for Assessing Threat in Web Applications
  • Author
    Li, Xiaohong ; He, Ke
  • Author_Institution
    Sch. of Comput. Sci. & Technol., Tianjin Univ., Tianjin
  • fYear
    2008
  • fDate
    24-26 April 2008
  • Firstpage
    142
  • Lastpage
    145
  • Abstract
    This paper presents a unified threat model for assessing threat in web applications. We extend the threat tree model with more semantic and context information about threat to form the new model which is used to analyze and evaluate threat in the software design stage. We utilize historical statistical information contained in this model to design threat mitigation schemes. The threat assessing results and mitigation schemes can be used to direct secure coding and testing. This makes it possible to design threat-resistant web applications by means of detecting and mitigating threat in the early software design stage.
  • Keywords
    Internet; security of data; trees (mathematics); Web application; secure coding; software design stage; statistical information; unified threat tree model; Application software; Computer science; Context modeling; Data security; Helium; Information analysis; Information security; Runtime environment; Software design; Testing; Threat Model; secure coding and testing; security software engineering;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Information Security and Assurance, 2008. ISA 2008. International Conference on
  • Conference_Location
    Busan
  • Print_ISBN
    978-0-7695-3126-7
  • Type
    conf
  • DOI
    10.1109/ISA.2008.47
  • Filename
    4511551