Towards automated security design flaw detection

Laurens Sion, Katja Tuma, Riccardo Scandariato, Koen Yskout, Wouter Joosen

Research output: Chapter in Book / Report / Conference proceedingConference contributionAcademicpeer-review

Abstract

Efficiency of security-by-design has become an important goal for organizations implementing software engineering practices such as Agile, DevOps, and Continuous Integration. Software architectures are (often manually) analyzed at design time for potential security design flaws, based on natural language descriptions of security weaknesses (e.g., CWE, CAPEC). The use of natural language hinders the application of such knowledge bases in an automated fashion. In this paper, we analyze an existing catalog of 19 security design flaws in order to identify conceptual, technology-independent requirements on architectural models that enable automatically detecting these flaws. This constitutes the first step towards automated assessment of design-level security. Our findings are illustrated on an IoT-based smart home system.

Original languageEnglish
Title of host publicationProceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2019
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages49-56
Number of pages8
ISBN (Electronic)9781728141367
DOIs
Publication statusPublished - Nov 2019
Externally publishedYes
Event34th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2019 - San Diego, United States
Duration: 10 Nov 201915 Nov 2019

Publication series

NameProceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2019

Conference

Conference34th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2019
CountryUnited States
CitySan Diego
Period10/11/1915/11/19

Bibliographical note

Funding Information:
This research is partially funded by the Research Fund KU Leuven. Katja Tuma was partially supported by the Swedish VINNOVA FFI project “CyReV: Cyber Resilience for Vehicles-Cybersecurity for automotive systems in a changing environment”.

Publisher Copyright:
© 2019 IEEE.

Copyright:
Copyright 2020 Elsevier B.V., All rights reserved.

Keywords

  • Design analysis
  • Design flaws
  • Design inspection
  • Security

Fingerprint

Dive into the research topics of 'Towards automated security design flaw detection'. Together they form a unique fingerprint.

Cite this