Abstract

Security Development Lifecycle (SDL) is a software assurance methodology that aims to assist software developers in improving the security of software production. Typically, SDL is described in terms of phases that include requirements and design phases. The requirements phase embraces consideration of security and privacy at a foundational level. This consideration comprises several activities in security requirements, security risk assessment, and threat modeling. The problem is that basic notions at this level are categorized and conceptualized as arbitrary collections of assets, operations, techniques, etc., with no systematic connection between them. This paper is part of an effort that aims at building a uniform foundation for notions in SDL. It focuses on requirements phase analysis, where we analyze conceptual aspects that involve the notions of threats, risks, and vulnerabilities. We work on two aspects: (1) the notions of threats, risks, and vulnerabilities are conceptualized utilizing a new approach based on the notion of flow; (2) the flow-based methodology is presented as an alternative description to using data flow diagrams as a first step in modeling threats. In both cases, the analysis is performed utilizing sample cases.
