Australian Information Security Management Conference

Document Type

Conference Proceeding

Publisher

School of Computer and Information Science, Edith Cowan University, Perth, Western Australia

Comments

Originally published in the Proceedings of the 8th Australian Information Security Mangement Conference, Edith Cowan University, Perth Western Australia, 30th November 2010

Abstract

Threat modelling as part of risk analysis is seen as an essential part of secure systems development. Microsoft’s Security Development Lifecycle (SDL) is a well-known software development method that places security at the forefront of product initiation, design and implementation. As part of SDL, threat modelling produces data flow diagrams (DFDs) as key artefacts and uses those diagrams as mappings with STRIDE to identify threats. This paper uses a standard case study to illustrate the effects of using an alternative process model (UML activity diagrams) with STRIDE and suggests that using a more modern process diagram can generate a more effective threat model.

DOI

10.4225/75/57b670493477c

Share

 
COinS