Home   >   CSC-OpenAccess Library   >    Manuscript Information
Integrating Threat Modeling in Secure Agent-Oriented Software Development
Ahmed M. Mahdy, Diana M. Rojas
Pages - 23 - 36     |    Revised - 01-07-2011     |    Published - 05-08-2011
Volume - 2   Issue - 3    |    Publication Date - July / August 2011  Table of Contents
Threat Modeling, Secure Tropos, Security Attack Scenarios
The main objective of this paper is to integrate threat modeling when developing a software application following the Secure Tropos methodology. Secure Tropos is an agent-oriented software development methodology which integrates “security extensions” into all development phases. Threat modeling is used to identify, document, and mitigate security risks, therefore, applying threat modeling when defining the security extensions shall lead to better modeling and increased level of security. After integrating threat modeling into this methodology, security attack scenarios are applied to the models to discuss how the security level of the system has been impacted. Security attack scenarios have been used to test different enhancements made to the Secure Tropos methodology and the Tropos methodology itself. The system modeled using this methodology is an e-Commerce application that will be used to sell handmade products made in Ecuador through the web. The .NET Model-View-Controller framework is used to develop our case study application. Results show that integrating threat modeling in the development process, the level of security of the modeled application has increased. The different actors, goals, tasks, and security constraints that were introduced based on the proposed integration help mitigate different risks and vulnerabilities.
CITED BY (7)  
1 Bhardwaj, E., & Kumar, D. Mitigation of Threats using Secure SDLC.
2 Meland, P. H., Paja, E., Gjære, E. A., Paul, S., Dalpiaz, F., & Giorgini, P. (2014). Threat analysis in goal-oriented security requirements modelling. International Journal of Secure Software Engineering (IJSSE), 5(2), 1-19.
3 Bijani, S., & Robertson, D. (2014). A review of attacks and security approaches in open multi-agent systems. Artificial Intelligence Review, 42(4), 607-636.
4 Meland, P. H., Gjære, E. A., & Paul, S. (2013, September). The Use and Usefulness of Threats in Goal-Oriented Modelling. In Availability, Reliability and Security (ARES), 2013 Eighth International Conference on (pp. 428-436). IEEE.
5 Preschern, C., Kajtazovic, N., & Kreiner, C. (2013, October). Security analysis of safety patterns. In Proceedings of the 20th Conference on Pattern Languages of Programs (p. 12). The Hillside Group.
6 Pro, S. F., & Call, F. I. (2012). Secure and Trustworthy Composite S.
7 Uzunov, A. V., Fernandez, E. B., & Falkner, K. (2012). Engineering Security into Distributed Systems: A Survey of Methodologies. J. UCS, 18(20), 2920-3006.
1 Google Scholar 
2 CiteSeerX 
3 refSeek 
4 Scribd 
5 SlideShare 
6 PdfSR 
B. Mains. (2010, September) Introduction to ASP .NET MVC 2.0. [Online]. Available:http://dotnetslackers.com/articles/aspnet/Introduction-to-ASP-NET-MVC-2-0.aspx.
Comodo. (2010, October) Instant SSL. [Online]. Available: http://www.instantssl.com/sslcertificate-products/https.html.
D. Basin, M. Clavel, J. Doser and M. Egea, “Automated Analysis of Security-Design Models,” Information and Software Technology, vol. 51, no. 5, pp. 815-831, May. 2009.
D. Xu and K. Nygard, “Threat-Driven Modeling and Verification of Secure Software Using Aspect-Oriented Petri Nets,” IEEE Transactions on Software Engineering Archive, vol. 32,no. 4, pp. 265-278, Apr. 2006.
H. Mouratidis and P. Giorgini, “Enhancing Secure Tropos to Effectively Deal with Security Requirements in the Development of Multiagent Systems,” Safety and Security in Multiagent Systems: Research Results From 2004-2006, M. Barley, H. Mouratidis, A.Unruh, D. Spears, P. Scerri, and F. Massacci, Eds. Lecture Notes In Artificial Intelligence,vol. 4324, Springer-Verlag, Berlin, Heidelberg, pp. 8-26.
H. Mouratidis and P. Giorgini, “Secure Tropos: A Security-Oriented Extension of the Tropos Methodology,” International Journal of Software Engineering and Knowledge Engineering.
H. Mouratidis, J. Jurjens, and J. Fox, “Towards a Comprehensive Framework for Secure Systems Development,” Advanced Information Systems Engineering, Lecture Notes in Computer Science, vol. 4001, Springer-Verlag, Berlin, Heidelberg, pp. 48-62.
H. Mouratidis, P. Giorgini, and G. Manson, “Using Security Attack Scenarios to Analyze Security During Information Systems Design,” in Proc. 6th International Conference on Enterprise Information Systems, 2004, pp. 10-17.
H. Mouratidis, P. Giorgini, and G. Manson, “When Security Meets Software Engineering: A Case of Modeling Secure Information Systems,” Information. Systems, vol. 30, no. 8, pp.609-629, Dec. 2005.
J. Galloway, “ASP .NET MVC Music Store Tutorial,” Microsoft, Oct. 2010.
J. Jurjens, “Foundations for Designing Secure Architectures,” Electronic Notes in Theoretical Computer Science, vol. 142, pp. 31-46, Jan. 2006.
J. Mylopoulos and J. Castro, “Tropos: A Framework for Requirements-Driven Software Development,” Information Systems Engineering: State of the Art and Research Themes,J. Brinkkemper, and A. Solvberg, Eds. Lecture Notes In Computer Science, SpringerVerlag,Berlin, Heidelberg, 2000.
Microsoft ASP .NET. (2010, September) ASP.NET MVC Overview. [Online]. Available:http://www.asp.net/mvc/tutorials/asp-net-mvc-overview-cs.
MSDN Library. (2010, April) Identifying Techniques that Mitigate Threats. [Online].Available: http://msdn.microsoft.com/en-US/library/ee798428(v=CS.20).aspx.
MSDN Library. (2010, April) Security Design by Threat Modeling. [Online]. Available:http://msdn.microsoft.com/en-us/library/ee810542(v=CS.20).aspx.
MSDN Library. (2010, April) The STRIDE Threat Model. [Online]. Available:http://msdn.microsoft.com/en-us/library/ee823878(CS.20).aspx.
MSDN Library. (2010, April) Threat Model Analysis. [Online]. Available:http://msdn.microsoft.com/en-us/library/aa561499(BTS.20).aspx.
New York State office of Cyber Security and Critical Infrastructure Coordination (2009,October) [Online]. Available: http://www.cscic.state.ny.us/lib/glossary/.
P. Bresciani, A. Perini, P. Giorgini, F. Giunchiglia, and J. Mylopoulos, “Tropos: An AgentOriented Software Development Methodology,” Autonomous Agents and Multi-Agent Systems, vol. 8, no. 3, pp. 203-236, May. 2004.
R. Matulevi, N. Mayer, H. Mouratidis, E. Dubois, P. Heymans, and N. Genon, “Adapting Secure Tropos for Security Risk Management in the Early Phases of Information Systems Development,” in Proc. 20th International Conf. on Advanced Information Systems Engineering, 2008, pp. 541-555.
R. Peteanu. (2010, October) Best Practices for Secure Development. [Online]. Available:http://www.arcert.gov.ar/webs/textos/best_prac_for_sec_dev4.pdf.
S. Ambler. (2010, March) Introduction to Security Threat Modeling. [Online]. Available:http://www.agilemodeling.com/artifacts/securityThreatModel.htm.
S. Burns. (2010, March) Threat Modeling: A Process to Ensure Application. [Online].Available: http://www.sans.org/reading_room/whitepapers/securecode/threat-modelingprocess-ensure-application-security_1646.
S. Guthrie. (2010, October) ASP.NET MVC Framework. [Online]. Available:http://weblogs.asp.net/scottgu/archive/2007/10/14/asp-net-mvc-framework.aspx.
Shirvani, A. “Workable attacks against E-commerce,” 1st e-Commerce Security Conference Ramiran.Co, Tehran, Iran. 2008.
Y. Lee, J. Lee and Z. Lee, “Integrating Software Lifecycle Process Standards with Security Engineering,” Computers & Security, vol. 21, no. 4, pp. 345-355, Aug. 2002.
Dr. Ahmed M. Mahdy
Texas A&M University-Corpus Christi - United States of America
Miss Diana M. Rojas
- United States of America