Checking Threat Modeling Data Flow Diagrams for Implementation Conformance and Security

Abi-antoun, Marwan; Wang, Daniel; Torr, Peter

Checking Threat Modeling Data Flow Diagrams for Implementation Conformance and Security

Active / Technical Report | Accession Number: ADA473832 |

Open PDF

Abstract:

Threat modeling analyzes how an adversary might attack a system by supplying it with malicious data or interacting with it. The analysis uses a Data Flow Diagram DFD to describe how data moves through a system. Today, DFDs are represented informally, reviewed manually with security domain experts and may not reflect all the entry points in the implementation. We designed an approach to check the conformance of an implementation with its security architecture. We extended Reflexion Models to compare as-built DFD recovered from the implementation and the as-designed DFD, by increasing its automation and thus its adoptability. We also designed an analysis to assist DFD designers validate their initial DFDs and detect common security design flaws in them. An evaluation of the approach on subsystems from production code showed that it can find omitted or outdated information in existing DFDs.

Author(s):

Abi-antoun, Marwan ; Wang, Daniel ; Torr, Peter

Author Organization(s):

CARNEGIE-MELLON UNIV PITTSBURGH PA INST OF SOFTWARE RESEARCH INTERNAT

Supplementary Note:

DOI: 10.21236/ADA473832

Pagination:

0021

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:

Approved For Public Release

Distribution Statement:

Approved For Public Release; Distribution Is Unlimited.

RECORD

Collection: TR

Identifying Numbers

Report Number(s):

CMU-ISRI-06-124

Contract/Grant Number(s):

CCF-0546550, HR0011-07-1-0019

Monitor Series:

DOD

Subject Terms

Joint Capability Areas:

JCA_6.4.1_Secure Information Exchange; JCA_5_Command and Control; JCA_6_Net Centric; JCA_5.3_Planning; JCA_6.4_Information Assurance; JCA_1.2.5_Lessons Learned; JCA_7.1.2_Prevent Non-kinetic Attack; JCA_7.1_Prevent; JCA_7_Protection; JCA_6.1_Information Transport; JCA_3.2_Engagement; JCA_3_Force Application; JCA_3.2.2_Non-Kinetic Means; JCA_8_Building Partnerships; JCA_1_Force Support; JCA_5.4.5_Intuit; JCA_5.4_Decide; JCA_8.2_Shape; JCA_1.2_Force Preparation

Modernization Areas:

Cyber

Communities of Interest:

Engineered Resilient Systems

Descriptor(s):

*MODELS, *SECURITY, *CONFORMITY, METHODOLOGY, CODING, MAPPING, CONFIGURATIONS, VULNERABILITY, THREATS

Field(s)/Group(s):

Operations Research, Computer Programming and Software

Keyword(s):

*DFD(DATA FLOW DIAGRAM), BINARY DEPENDENCY INFORMATION, TRACEABILITY

Report Date:

2006 Sep 01

Creation Date:

2007 Nov 21