Australian Information Security Management Conference
Document Type
Conference Proceeding
Publisher
School of Computer and Information Science, Edith Cowan University, Perth, Western Australia
Abstract
Threat modelling as part of risk analysis is seen as an essential part of secure systems development. Microsoft’s Security Development Lifecycle (SDL) is a well-known software development method that places security at the forefront of product initiation, design and implementation. As part of SDL, threat modelling produces data flow diagrams (DFDs) as key artefacts and uses those diagrams as mappings with STRIDE to identify threats. This paper uses a standard case study to illustrate the effects of using an alternative process model (UML activity diagrams) with STRIDE and suggests that using a more modern process diagram can generate a more effective threat model.
DOI
10.4225/75/57b670493477c
Comments
8th Australian Information Security Mangement Conference, Edith Cowan University, Perth Western Australia, 30th November 2010