Software Security: A Threat-Driven Approach

Software is a major source of security risks. Sufficient protection of software applications from attacks is beyond the capabilities of network-level and operating-system-level security approaches (e.g. cryptography, firewalls, and intrusion detection, to name a few) because they lack knowledge of application semantics. While software engineering principles have suggested that software security be treated in the early phases of software development, rigorous, well-structured methodologies for engineering secure software remain to be seen.

Our research explores the threat-driven approach for addressing various issues of software security engineering. At the core of this approach is the identification and mitigation of security threats, which are potential misuses and anomalies that violate security goals or policies. Security threats determine where and how to apply security features or assurance techniques. Different from traditional security modeling and analysis methods that rely on the formalization of security properties, the threat-driven approach explicitly identifies the behaviors of security threats.

Introduction to Software Security

  1. Dianxiang Xu, Software Security, Wiley Encyclopedia of Computer Science and Engineering, W. Wah (Editor-In-Chief), Volume 5, pages 2703-2716, John Wiley & Sons, Inc., Hoboken, NJ, January 2009.


Threat Modeling and Verification

  1. Dianxiang Xu and Kendall E. Nygard. Threat-Driven Modeling and Verification of Secure Software Using Aspect-Oriented Petri Nets. IEEE Transactions on Software Engineering. Vol. 32, No. 4, pp. 265-278, April 2006. (expanded version of the ASE'05 paper)
  2. Dianxiang Xu and Kendall Nygard. A Threat-Driven Approach to Modeling and Verifying Secure Software. In Proc. of the 2005 IEEE/ACM International Conference on Automated Software Engineering (ASE 2005), pp. 342-346, November 7-11, 2005. California, USA.
  3. Jun Kong, Dianxiang Xu, and Xiaoqin Zeng. UML-based Modeling and Analysis of Security Threats. International Journal of Software Engineering and Knowledge Engineering, to appear. (expanded version of the COMPSAC'08 paper)
  4. Jun Kong and Dianxiang Xu. A UML-based Framework for Design and Analysis of Secure Software, Proc. of the 32nd IEEE Computer Software and Applications Conference (COMPSAC 2008), July 2008, Turku, Finland.


Testing for Security

  1. Aaron Marback, Hyunsook Do, Ke He, Samuel Kondamarri, and Dianxiang Xu. Security Test Generation using Threat Trees. Fourth International Workshop on the Automation of Software Test (AST'09), in conjunction with ICSE'09, Vancouver, Canada, May 18-19, 2009.
  2. Linzhang Wang, W. Eric Wong, and Dianxiang Xu. A Threat Model Driven Approach for Security Testing. The 3rd International Workshop on Software Engineering for Secure Systems (SESS'07), in conjunction with ICSE'07, Minneapolis, May 2007.


Secure Architecture Design

  1. Dianxiang Xu and Joshua Pauli. Threat-Driven Design and Analysis of Secure Software Architectures. Journal of Information Assurance and Security, Vol.1, No. 3, pp. 171-180, 2006.
  2. Joshua Pauli and Dianxiang Xu. Misuse Case-based Analysis of Secure Software Architecture. Proc. of ITCC'05, April 2005.
  3. Joshua Pauli and Dianxiang Xu. Threat-Driven Architectural Design of Secure Information Systems. Proc. of ICEIS'05, Miami, May 2005.

Security Requirements Analysis

  1. Dianxiang Xu, Vivek Goel, Kendall Nygard, and W. Eric Wong. Aspect-Oriented Specification of Threat-Driven Security Requirements. International Journal of Computer Applications in Technology, Special Issue on Concern Oriented Software Evolution, Vol. 31, Nos. 1/2, pp. 131-140, 2008. (expanded version of the COMPSAC'06 paper)
  2. Dianxiang Xu, Vivek Goel, and Kendall Nygard. An Aspect-Oriented Approach to Security Requirements Analysis. Proc. of COMPSAC'06.
  3. Josh Pauli and Dianxiang Xu. Integrating Functional and Security Requirements with Use Case Decomposition. In Proc. of the 11th IEEE International Conference on Engineering of Complex Computer Systems (ICECCS'06), USA, August 2006.
  4. Josh Pauli and Dianxiang Xu. Ensuring Consistent Use/Misuse Case Decomposition for Secure Systems. Proc. of the 18th International Conference on Software Engineering and Knowledge Engineering (SEKE'06), CA, USA, July 2006.
  5. Josh Pauli and Dianxiang Xu. Trade-off Analysis of Misuse Case-based Secure Software Architectures: A Case Study. In Proc. of the 3rd International Workshop on Modeling, Simulation, Verification and Validation of Enterprise Information Systems (MSVVEIS'05).