Secure Architecture Design Automation

Public presentation by Katja Tuma
on Wed. 24 May 2017 at 10:00-12:00 in room EL41
Architectural threat analysis is a pillar of security by design and is routinely performed in companies. To this day, companies perform threat analysis using techniques like STRIDE, where security experts manually identify and assess security threats. Techniques such as STRIDE aim to maximize the completeness of the discovered threats. This leads to identifying more threats than can be addressed (due to budget constraints). However, by that point analysts have already spent precious time on low-priority threats, which is inefficient. Therefore, there is a need for a more efficient use of the allocated resources. Because secure architectures treat security as a cross-cutting concern, testing, maintenance and compliance checking provide continuous feedback on the system state. Automation of architectural analysis can not only reduce the manual labor, but also cater to late-stage security-related activities. This short paper discusses two recent attempts to automate architectural threat analysis and discusses their limitations.
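As an added illustration (not code from the talk or from the papers listed below), the following Python sketch applies the standard STRIDE-per-element mapping to a small constructed data flow diagram and then ranks the result against a review budget, showing how even a five-element model produces more threats than a small budget can absorb. The sample DFD and the trust-boundary priority rule are assumptions made for this example, not part of the original page.

```python
from dataclasses import dataclass

# STRIDE-per-element mapping (Microsoft SDL convention): which threat
# categories apply to each kind of DFD element.
STRIDE_PER_ELEMENT = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TRID",
    "data_flow": "TID",
}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str
    crosses_trust_boundary: bool = False  # assumed attribute for prioritisation

@dataclass(frozen=True)
class Threat:
    element: str
    category: str   # one letter of S, T, R, I, D, E
    priority: int   # higher is reviewed first

def enumerate_threats(dfd):
    """Mechanically apply STRIDE-per-element to every element of the DFD."""
    threats = []
    for el in dfd:
        for cat in STRIDE_PER_ELEMENT[el.kind]:
            # Assumed heuristic: threats on elements that cross a trust
            # boundary are ranked above the rest.
            priority = 2 if el.crosses_trust_boundary else 1
            threats.append(Threat(el.name, cat, priority))
    return threats

def prioritize(threats, budget):
    """Split the threat list into what the budget covers and what is deferred."""
    ranked = sorted(threats, key=lambda t: (-t.priority, t.element, t.category))
    return ranked[:budget], ranked[budget:]

# Constructed sample DFD: a browser talking to a web application backed by a DB.
SAMPLE_DFD = [
    Element("browser", "external_entity"),
    Element("web_app", "process"),
    Element("user_db", "data_store"),
    Element("browser->web_app", "data_flow", crosses_trust_boundary=True),
    Element("web_app->user_db", "data_flow"),
]

if __name__ == "__main__":
    addressed, deferred = prioritize(enumerate_threats(SAMPLE_DFD), budget=5)
    print(f"{len(addressed)} threats in budget, {len(deferred)} deferred")
```

With a budget of five, only the three boundary-crossing flow threats and two external-entity threats are reviewed; the remaining thirteen are deferred, which is the completeness-versus-budget tension the abstract describes.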

Introductory papers
  • P. Torr: Demystifying the threat modeling process (S&P 2005)

Advanced papers
  • Berger et al.: Automatically Extracting Threats from Extended Data Flow Diagrams (ESSoS 2016)
  • Almorsy et al.: Automated Software Architecture Security Risk Analysis using Formalized Signatures (ICSE 2013)