Skip to main content
SpringerLink
Log in

Security Threat Modeling and Requirement Analysis Method Based on Goal-Scenario

  • Conference paper
  • First Online:
Proceedings of the International Conference on IT Convergence and Security 2011

Part of the book series: Lecture Notes in Electrical Engineering ((LNEE,volume 120))

Abstract

Threat modeling plays a significant role in the design of the overall security model for a system because it can help to ensure that security is built into applications, rather than addressed as an afterthought. However, research in security threat modeling has yet to mature as there is paucity of established techniques and tools to aid the threat modeling and formal analysis process. Moreover, existing work do not integrate threat modeling notations with a formal threat analysis procedure to aid decision making during security requirements analysis. This paper proposes a goal-Scenario approach to security threat modeling and requirement analysis by using visual model elements to explicitly capture threat-related concepts. More specifically, we propose a goal-scenario approach for explicitly modeling and analyzing security threats during requirements analysis. The goal scenario will be analyzed using the threat requirement, and the creation of the threat model will be discussed by the analysis on the STRIDE and the scenario authoring rules.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 169.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 219.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 219.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Abbreviations

STRIDE:

Spoofing identity (S), Tampering with Data (T), Repudiation (R), Information Disclosure (I), Denial of Service (D) and Elevation of Privilege (E)

References

  1. Crook R, Ince D, Lin L, Nuseibeh B (2002) Security requirements engineering: When anti-requirements hit the fan. In Proceedings of IEEE Int’l Requirements Engineering Conference (RE’02)

    Google Scholar 

  2. J. Rushby (2001) Security requirements specifications: How and what. In Proceedings of the IEEE Symposium on Requirements Engineering for Information Security (SREIS’01). In dianapolis, Mar 2001

    Google Scholar 

  3. Howard M, LeBlanc D (2002) Writing secure code, 2nd edition, Microsoft Press

    Google Scholar 

  4. Swiderski F, Snyder W (2004) Threat modeling. Microsoft Press

    Google Scholar 

  5. Moore AP, Ellison RJ, Linger RC (2001) Attack modeling for information security and survivability. Technical Report CMU/SEI-2001-TN-001, Software Engineering Institute, Carnegie Mellon University, Mar 2001

    Google Scholar 

Download references

Acknowledgments

This work was supported by the Security Engineering Research Center, granted by the Korea Ministry of Knowledge Economy.

Author information

Authors and Affiliations

  1. Department of Computer Engineering, KyungHee University, 1 Seocheon, Giheung, Yongin, Gyeonggi, 446-701, South Korea

    Su-Jin Baek & Young-Jae Song

  2. Division of Information and Communication, Baekseok University, Cheonan, Chungcheongnam-do, 330-704, South Korea

    Jung-Soo Han

Authors
  1. Su-Jin Baek
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jung-Soo Han
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Young-Jae Song
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Su-Jin Baek .

Editor information

Editors and Affiliations

  1. , Convergence Security, Kyoung-gi University, Iui-dong San 94-6, Suwon, Gyeonggi-do, 443-760, Korea, Republic of (South Korea)

    Kuinam J. Kim

  2. , Computer Science, Sungkyunkwan University, Cheonchoen-dong, Jangan-gu 300, Suwon, Gyeonggi-do, 110-745, Korea, Republic of (South Korea)

    Seong Jin Ahn

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer Science+Business Media B.V.

About this paper

Cite this paper

Baek, SJ., Han, JS., Song, YJ. (2012). Security Threat Modeling and Requirement Analysis Method Based on Goal-Scenario. In: Kim, K., Ahn, S. (eds) Proceedings of the International Conference on IT Convergence and Security 2011. Lecture Notes in Electrical Engineering, vol 120. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-2911-7_38

Download citation

  • DOI: https://doi.org/10.1007/978-94-007-2911-7_38

  • Published:

  • Publisher Name: Springer, Dordrecht

  • Print ISBN: 978-94-007-2910-0

  • Online ISBN: 978-94-007-2911-7

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation