Systematic Elicitation of Common Security Design Flaws
Description
Abstract—Threat modeling allows potential security threats to be identified and mitigated at design time. Countermeasures in current threat modeling approaches are mostly modeled as a boolean: either they are implemented, or they are not. This does not allow to take into account potential design flaws for the countermeasure itself. A considerable number of security issues is, however, related to the wrong or incomplete application of common security tactics. For example, the effectiveness of audit logs drops if the data written to the logs is not sanitized. In this paper, we describe our novel approach which aims to systematically and automatically identify common security design flaws.
Notes
Files
eurosp22posters-final22-1-3.pdf
Files
(237.4 kB)
Name | Size | Download all |
---|---|---|
md5:8a486b730a2d9875221f8c6a8778eb08
|
237.4 kB | Preview Download |
Additional details
Related works
- Is part of
- Poster: 10.5281/zenodo.7068698 (DOI)