Checking Threat Modeling Data Flow Diagrams for Implementation Conformance and Security

Abstract

Threat modeling analyzes how an adversary might attack a system by supplying it with malicious data or interacting with it. The analysis uses a Data Flow Diagram (DFD) to describe how data moves through a system. Today, DFDs are represented informally, reviewed manually with security domain experts, and may not reflect all the entry points in the implementation. We designed an approach to check the conformance of an implementation with its security architecture. We extended Reflexion Models to compare an as-built DFD recovered from the implementation with the as-designed DFD, increasing the automation of the comparison and thus its adoptability. We also designed an analysis to help DFD designers validate their initial DFDs and detect common security design flaws in them. An evaluation of the approach on subsystems from production code showed that it can find omitted or outdated information in existing DFDs.
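The Reflexion Model comparison the abstract describes, as an added illustration rather than the report's own tool: the as-designed DFD, the as-built edges recovered from the code, the module-to-element map, and the resulting convergences, divergences (flows in the code the DFD omits, such as an undocumented entry point) and absences (flows the DFD claims that the code lacks) are all constructed, hypothetical values.

```python
from dataclasses import dataclass
from typing import Dict, Set, Tuple

# A data flow is (source element, sink element, data label).
Edge = Tuple[str, str, str]

# Constructed as-designed DFD for a hypothetical web application.
DESIGNED_DFD: Set[Edge] = {
    ("Browser", "WebServer", "HTTP request"),
    ("WebServer", "AuthService", "credentials"),
    ("WebServer", "Database", "SQL query"),
    ("AuthService", "Database", "user record"),   # claimed but not built
}

# Constructed as-built facts, e.g. call sites recovered from the code:
# (caller module, callee module, data passed).
AS_BUILT_EDGES: Set[Edge] = {
    ("client.js", "http_handler.py", "HTTP request"),
    ("http_handler.py", "login.py", "credentials"),
    ("http_handler.py", "db.py", "SQL query"),
    ("admin_cli.py", "db.py", "SQL query"),       # entry point missing from DFD
}

# Reflexion map: implementation module -> design-level DFD element.
MAP: Dict[str, str] = {
    "client.js": "Browser",
    "http_handler.py": "WebServer",
    "login.py": "AuthService",
    "db.py": "Database",
    "admin_cli.py": "AdminConsole",   # present in code, absent from the design
}


@dataclass
class Reflexion:
    convergences: Set[Edge]   # designed and built
    divergences: Set[Edge]    # built but not designed: review as new attack surface
    absences: Set[Edge]       # designed but not built: outdated DFD


def compute_reflexion(designed: Set[Edge], built: Set[Edge],
                      mapping: Dict[str, str]) -> Reflexion:
    # Lift each implementation edge to the design level through the map;
    # flows that stay inside one design element are internal and dropped.
    lifted: Set[Edge] = set()
    for src, dst, data in built:
        s = mapping.get(src, f"<unmapped:{src}>")
        d = mapping.get(dst, f"<unmapped:{dst}>")
        if s != d:
            lifted.add((s, d, data))
    return Reflexion(convergences=designed & lifted,
                     divergences=lifted - designed,
                     absences=designed - lifted)
```

Each divergence is a candidate for a missing trust boundary or an unreviewed entry point, and each absence is a candidate for stale design documentation.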

Document Details

Document Type
Technical Report
Publication Date
Sep 01, 2006
Accession Number
ADA473832

Entities

People

  • Daniel Wang
  • Marwan Abi-Antoun
  • Peter Torr

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber
  • Engineered Resilient Systems
  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Boundaries
  • Case Studies
  • Classification
  • Computer Access Control
  • Computer Programs
  • Computer Science
  • Control Panels
  • Cryptography
  • Denial Of Service Attack
  • Engineering
  • Information Operations
  • Language
  • Operating Systems
  • Reliability
  • Security
  • Security Protocols
  • Test And Evaluation

Fields of Study

  • Computer science
  • Engineering

Readers

  • Cybersecurity.
  • Military Leadership and Professional Education.
  • Software Engineering.