UTHM Institutional Repository

A hybrid threat model for software security requirement specification

Omotunde, Habeeb and Ibrahim, Rosziati (2016) A hybrid threat model for software security requirement specification. In: 2016 International Conference on Information Science and Security (ICISS), 19-22 December 2016, Pattaya, Thailand.

Full text not available from this repository.

Abstract

Security is often treated as secondary or a nonfunctional feature of software which influences the approach of vendors and developers when describing their products often in terms of what it can do (Use Cases) or offer customers. However, tides are beginning to change as more experienced customers are beginning to demand for more secure and reliable software giving priority to confidentiality, integrity and privacy while using these applications. This paper presents the MOTH (Modeling Threats with Hybrid Techniques) framework designed to help organizations secure their software assets from attackers in order to prevent any instance of SQL Injection Attacks (SQLIAs). By focusing on the attack vectors and vulnerabilities exploited by the attackers and brainstorming over possible attacks, developers and security experts can better strategize and specify security requirements required to create secure software impervious to SQLIAs. A live web application was considered in this research work as a case study and results obtained from the hybrid models extensively exposes the vulnerabilities deep within the application and proposed resolution plans for blocking those security holes exploited by SQLIAs.

Item Type: Conference or Workshop Item (Paper)
Uncontrolled Keywords: SQL injection attacks; software security; MOTH; SSDL; security requirements; threat modeling
Subjects: Q Science > QA Mathematics > QA76 Computer software
Divisions: Faculty of Computer Science and Information Technology > Department of Software Engineering
Depositing User: Mr. Mohammad Shaifulrip Ithnin
Date Deposited: 30 Sep 2019 03:24
Last Modified: 30 Sep 2019 03:24
URI: http://eprints.uthm.edu.my/id/eprint/11722
Statistic Details: View Download Statistic

Actions (login required)

View Item View Item