Skip to main content

Research Repository

Advanced Search

Contextualisation of data flow diagrams for security analysis.

Faily, Shamal; Scandariato, Riccardo; Shostack, Adam; Sion, Laurens; Ki-Aries, Duncan

Authors

Riccardo Scandariato

Adam Shostack

Laurens Sion

Duncan Ki-Aries



Contributors

Harley Eades III
Editor

Olga Gadyatskaya
Editor

Abstract

Data flow diagrams (DFDs) are popular for sketching systems for subsequent threat modelling. Their limited semantics make reasoning about them difficult, but enriching them endangers their simplicity and subsequent ease of take up. We present an approach for reasoning about tainted data flows in design-level DFDs by putting them in context with other complementary usability and requirements models. We illustrate our approach using a pilot study, where tainted data flows were identified without any augmentations to either the DFD or its complementary models.

Citation

FAILY, S., SCANDARIATO, R., SHOSTACK, A., SION, L. and KI-ARIES, D. 2020. Contextualisation of data flow diagrams for security analysis. In Eades, H. III and Gadyatskaya, O. (eds.) Graphical models for security: revised selected papers from the proceedings of the 7th International workshop on graphical models for security (GraMSec 2020), 22 June 2020, Boston, USA. Lecture notes in computer science, 12419. Cham: Springer [online], pages 186-197. Available from: https://doi.org/10.1007/978-3-030-62230-5_10

Conference Name 7th International workshop on graphical models for security (GraMSec 2020)
Conference Location Boston, USA
Start Date Jun 22, 2020
Acceptance Date Jun 1, 2020
Online Publication Date Nov 8, 2020
Publication Date Dec 31, 2020
Deposit Date Sep 16, 2021
Publicly Available Date Dec 3, 2021
Publisher Springer
Pages 186-197
Series Title Lecture notes in computer science
Series Number 12419
Series ISSN 0302-9743 ; 1611-3349
Book Title Graphical models for security: revised selected papers from the proceedings of the 7th International workshop on graphical models for security (GraMSec 2020), 22 June 2020, Boston, USA
ISBN 9783030622299
DOI https://doi.org/10.1007/978-3-030-62230-5_10
Keywords Data flow diagrams (DFDs); Threat modelling; Tainted data flows; Security; Software
Public URL https://rgu-repository.worktribe.com/output/1427926

Files





You might also like



Downloadable Citations