Li et al., 2016 - Google Patents
Security attack analysis using attack patterns
Li et al., 2016
- Document ID
- 1193941541293082497
- Author
- Li T
- Paja E
- Mylopoulos J
- Horkoff J
- Beckers K
- Publication year
- Publication venue
- 2016 IEEE Tenth International Conference on Research Challenges in Information Science (RCIS)
Snippet
Discovering potential attacks on a system is an essential step in engineering secure systems, as the identified attacks will determine essential security requirements. The prevalence of Socio-Technical Systems (STSs) makes attack analysis particularly …
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06Q—DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce, e.g. shopping or e-commerce
- G06Q30/01—Customer relationship, e.g. warranty
- G06Q30/018—Business or product certification or verification
- G06Q30/0185—Product, service or business identity fraud
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material
- G06F21/12—Protecting executable software
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06Q—DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management, e.g. organising, planning, scheduling or allocating time, human or machine resources; Enterprise planning; Organisational models
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/77—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2133—Verifying human interaction, e.g., Captcha
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Li et al. | | Security attack analysis using attack patterns |
Xiong et al. | | Cyber security threat modeling based on the MITRE Enterprise ATT&CK Matrix |
Khan et al. | | Systematic mapping study on security approaches in secure software engineering |
ben Othmane et al. | | Extending the agile development process to develop acceptably secure software |
Ko | | Execution Monitoring of security-critical programs in a distributed system: a specification-based approach |
Whittle et al. | | Executable misuse cases for modeling security concerns |
Mažeika et al. | | Integrating security requirements engineering into MBSE: Profile and guidelines |
Basile et al. | | A meta-model for software protections and reverse engineering attacks |
Baca et al. | | Countermeasure graphs for software security risk assessment: An action research |
Zech et al. | | Towards a model based security testing approach of cloud computing environments |
Mead | | Requirements engineering for survivable systems |
Ameur-Boulifa et al. | | Sysml model transformation for safety and security analysis |
Sendiang et al. | | Minimization of SQL injection in scheduling application development |
Rameder | | Systematic review of ethereum smart contract security vulnerabilities, analysis methods and tools |
Ivanov et al. | | Rectifying administrated ERC20 tokens |
Alrimawi et al. | | Incidents are meant for learning, not repeating: sharing knowledge about security incidents in cyber-physical systems |
Trad | | Business Architecture and Transformation Projects: Enterprise Holistic Security Risk Management (ESRM) |
Li et al. | | Analyzing attack strategies through anti-goal refinement |
Kumar | | An attack tree template based on feature diagram hierarchy |
Georgsen et al. | | Serious Games with SysML: Gamifying Threat Modelling in a Small Business Setting |
Pramod | | A study of various approaches to assess and provide web based application security |
Raihan et al. | | Detecting intrusions specified in a software specification language |
Büchler | | Semi-automatic security testing of web applications with fault models and properties |
Rak et al. | | Advancing ESSecA: a step forward in Automated Penetration Testing |
Aouad et al. | | Defender-centric Conceptual Cyber Exposure Ontology for Adaptive Cyber Risk Assessment. |