Scenarios in which the security of software-based systems is compromised are becoming more and more frequent. Such scenarios can lead to substantial damage, not only financially, but also in terms of loss of reputation. Hence, it is important to consider security threats already in the early stages of software development. However, identifying all of them in a systematic manner is non-trivial. In particular, knowledge about threats is not documented in a consistent manner. The Common Vulnerability Scoring System (CVSS) is a well-known way to characterize vulnerabilities in a structured way. Our idea is to document threats in a similar way, using a template. A distinguishing feature of our approach is that we relate the threats to the envisaged functionality of the software. Our contribution is two-fold: first, we propose a general template to describe security threats that can be used in the early stages of software development. Second, we define a systematic and semi-automatic procedure to identify relevant threats for a software development project, taking the functionality of the software-to-be into account.
CITATION STYLE
Wirtz, R., & Heisel, M. (2019). A Systematic Method to Describe and Identify Security Threats Based on Functional Requirements. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 11391 LNCS, pp. 205–221). Springer Verlag. https://doi.org/10.1007/978-3-030-12143-3_17