Security attacks often exploit flaws that are not anticipated in an abstract design, but are introduced inadvertently when high-level interactions in the design are mapped to low-level behaviors in the supporting platform. This paper proposes a multi-representational approach to security analysis, where models capturing distinct (but possibly overlapping) views of a system are automatically composed in order to enable an end-to-end analysis. This approach allows the designer to incrementally explore the impact of design decisions on security, and discover attacks that span multiple layers of the system. This paper describes Poirot, a prototype implementation of the approach, and reports on our experience on applying Poirot to detect previou...
Security models, such as an attack graph (AG), are widely adopted to assess the security of networke...
The Internet today provides the environment for novel applications and processes which may evolve wa...
Security risk analysis is the term used to describe the analysis of critical facilities in which the...
Thesis: Ph. D., Massachusetts Institute of Technology, Department of Electrical Engineering and Comp...
International audienceIn this paper, we propose a model-driven framework for security analysis. We p...
Abstract—Threat modeling allows potential security threats to be identified and mitigated at design ...
In recent years, concentration on software design phase for evaluating security into the developing ...
International audienceSoftware Hardening against memory safety exploits can be achieved from the sil...
Security by design is a key principle for realizing secure software systems and it is advised to hun...
International audienceRemotely-communicating software-based systems are tightly present in modern in...
Context: Security is a growing concern in many organizations. Industries developing software systems...
International audienceSecurity patterns are reusable solutions, which enable the design of maintaina...
International audienceDesign Patterns are now widely accepted and used in software engineering ; the...
International audience<p>Fault injection attack is an extremely pow-erful technique to extract secre...
Conference of 3rd International Conference on Model-Driven Engineering and Software Development, MOD...
Security models, such as an attack graph (AG), are widely adopted to assess the security of networke...
The Internet today provides the environment for novel applications and processes which may evolve wa...
Security risk analysis is the term used to describe the analysis of critical facilities in which the...
Thesis: Ph. D., Massachusetts Institute of Technology, Department of Electrical Engineering and Comp...
International audienceIn this paper, we propose a model-driven framework for security analysis. We p...
Abstract—Threat modeling allows potential security threats to be identified and mitigated at design ...
In recent years, concentration on software design phase for evaluating security into the developing ...
International audienceSoftware Hardening against memory safety exploits can be achieved from the sil...
Security by design is a key principle for realizing secure software systems and it is advised to hun...
International audienceRemotely-communicating software-based systems are tightly present in modern in...
Context: Security is a growing concern in many organizations. Industries developing software systems...
International audienceSecurity patterns are reusable solutions, which enable the design of maintaina...
International audienceDesign Patterns are now widely accepted and used in software engineering ; the...
International audience<p>Fault injection attack is an extremely pow-erful technique to extract secre...
Conference of 3rd International Conference on Model-Driven Engineering and Software Development, MOD...
Security models, such as an attack graph (AG), are widely adopted to assess the security of networke...
The Internet today provides the environment for novel applications and processes which may evolve wa...
Security risk analysis is the term used to describe the analysis of critical facilities in which the...