Published June 6, 2022 | Version v1
Poster Open

Systematic Elicitation of Common Security Design Flaws

  • 1. imec-DistriNet, KU Leuven

Description

Abstract—Threat modeling allows potential security threats to be identified and mitigated at design time. Countermeasures in current threat modeling approaches are mostly modeled as a boolean: either they are implemented, or they are not. This does not allow potential design flaws in the countermeasure itself to be taken into account. A considerable number of security issues are, however, related to the wrong or incomplete application of common security tactics. For example, the effectiveness of audit logs drops if the data written to the logs is not sanitized. In this paper, we describe our novel approach, which aims to systematically and automatically identify common security design flaws.

Notes

The poster was accepted at the 7th IEEE European Symposium on Security and Privacy (Euro S&P 2022) and presented in the poster session. Original poster: https://ieeeeurosp.github.io/2022/posters/

Files

eurosp22posters-final22-1-3.pdf

Files (237.4 kB)

md5:8a486b730a2d9875221f8c6a8778eb08

Additional details

Related works

Is part of
Poster: 10.5281/zenodo.7068698 (DOI)