A threat-driven approach to modeling and verifying secure software.

Xu, Dianxiang; Nygard, Kendall

In: Proceedings of the 20th IEEE/ACM International Conference on Automated Software Engineering (ASE '05), pages 342-346. ACM Press, 2005.

Abstract: This paper presents a formal approach to threat-driven modeling and verification of secure software using aspect-oriented Petri nets. Based on the behavior model of intended functions, we identify and build formal models of security threats, which are potential misuses and anomalies of the intended functions that violate security goals. Threat mitigations are further modeled in an aspect-oriented paradigm. Taking Petri nets as a formal basis for modeling behaviors, threats, and mitigations as a whole, we verify properties of and consistency between behaviors and threats, and absence of identified threats from the integrated model of functions and threat mitigations. This makes it possible to achieve a design that is provably resistant to the anticipated threats and thus reduce significant design-level vulnerabilities.