Title :
A Rigorous Methodology for Security Architecture Modeling and Verification
Author :
Ali, Yussuf ; El-Kassas, S. ; Mahmoud, Mohamed
Author_Institution :
American Univ. in Cairo, Cairo
Abstract :
This paper introduces a rigorous methodology for utilizing threat modeling in building secure software architectures using SAM (Software Architecture Modeling framework) and verifying them formally using Symbolic Model Checking. Security mitigations are expressed as constraints over a high-level SAM model and are used to refine it into a secure constrained model. We also, propose a translation from SAM Secure models into the SMV model checker where the threats and the elicited security properties from the threat modeling process are used as inputs to the verification phase as well. This method is developed with the aim of bridging the gap between informal security requirements and their formal representation and verification.
Keywords :
security of data; Software Architecture Modeling framework; Symbolic Model Checking; building secure software architectures; rigorous methodology; security architecture modeling; Application software; Authentication; Availability; Computer security; Data mining; Data security; Humans; Software engineering; Software testing; Software tools;
Conference_Titel :
System Sciences, 2009. HICSS '09. 42nd Hawaii International Conference on
Conference_Location :
Big Island, HI
Print_ISBN :
978-0-7695-3450-3
DOI :
10.1109/HICSS.2009.35
