Tools
ToolsFaily, S., Scandariato, R., Shostack, A., Sion, L. and Ki-Aries, D., 2020. Contextualisation of Data Flow Diagrams for security analysis. arXiv (2006.04098v1 [cs.CR).
Full text available as:
|
PDF
2006.04098v1.pdf - Published Version Available under License Creative Commons Attribution Non-commercial No Derivatives. 900kB | |
|
Copyright to original material in this document is with the original owner(s). Access to this content through BURO is granted on condition that you use it only for research, scholarly or other non-commercial purposes. If you wish to use it for any other purposes, you must contact BU via BURO@bournemouth.ac.uk. Any third party copyright material in this document remains the property of its respective owner(s). BU grants no licence for further use of that third party material. |
Official URL: https://arxiv.org/abs/2006.04098
Abstract
Data flow diagrams (DFDs) are popular for sketching systems for subsequent threat modelling. Their limited semantics make reasoning about them difficult, but enriching them endangers their simplicity and subsequent ease of take up. We present an approach for reasoning about tainted data flows in design-level DFDs by putting them in context with other complementary usability and requirements models. We illustrate our approach using a pilot study, where tainted data flows were identified without any augmentations to either the DFD or its complementary models.
| Item Type: | Article |
|---|---|
| Additional Information: | Workshop pre-print |
| Uncontrolled Keywords: | cs.CR; cs.CR; cs.SE |
| Group: | Faculty of Science & Technology |
| ID Code: | 34459 |
| Deposited By: | Symplectic RT2 |
| Deposited On: | 01 Sep 2020 12:28 |
| Last Modified: | 14 Mar 2022 14:23 |
Downloads
Downloads per month over past year
| Repository Staff Only - |