Past Event! Note: this event has already taken place.
RADS Seminar: Specification, Detection, and Treatment of STRIDE Threats for Software Components
May 20, 2021 at 2:00 PM
Audience: | Current Students |
You are invited to a virtual seminar organized by the Real Time and Distributed Systems (RADS) Research Centre.
RADS SEMINAR:
Date: May 20
Time: 2:00 PM
Zoom link: Join Zoom Meeting
https://carleton-ca.zoom.us/j/93537421280
Meeting ID: 935 3742 1280
Passcode: 381214
TITLE: Specification, Detection, and Treatment of STRIDE Threats for Software Components
Speaker: Jason Jaskolka, Dept. of Systems & Computer Eng., Carleton University
ABSTRACT:
The existence of security threats in software designs can significantly impact the safe and reliable operation of systems. Threats need to be precisely specified before a tool can manipulate them, and though several approaches for threat specification have been proposed, they do not provide the scalability and flexibility required in practice. We propose an integrated approach for threat detection and treatment by means of security requirements, during the software architecture design time. In this talk, we will describe our approach
to: (1) specify threats as properties of a modeled system in a technology-independent specification language; (2) express conditions that reveal these threats in a suitable language with automated tool support for threat detection through model verification; and (3) suggest a set of security requirements to protect against detected threats. The formalized threats and security requirements are then provided as formal model libraries to foster reuse. To demonstrate the approach, we will explore a set of representative threats from categories based on Microsoft’s STRIDE threat classification in the context of secure component-based software architecture development.