Threat modeling approaches and tools for securing architectural designs of an e-banking application

Möckel, Caroline and Abdallah, Ali E. (2010) Threat modeling approaches and tools for securing architectural designs of an e-banking application. In: Information Assurance and Security (IAS), 2010 Sixth International Conference. IEEE Conference Publications, pp. 149-154. ISBN 978-1-4244-7409-7

Full text not available from this repository. (Request a copy)

Abstract

Software is the most important line of defense for protecting critical information assets such as in e-banking. The continuous increase in sophistication and in volume of cyber security attacks provides compelling reasons for enhancing the security of software applications that control critical assets. There is a broad acceptance that in order to produce dependable and secure applications, developers need to “build security in” throughout the software development lifecycle (SDL). Threat Modeling is essential for building security in at all the SDL stages and in particular at the design stage. In the last few years, several innovative approaches to threat modeling have emerged and recently some supporting tools have become available. Using the Microsoft SDL tool as an example, this paper elaborates, illustrates and discusses the threat modeling process and its usefulness to the architectural designs of an e-banking application. This paper also seeks for a critical reflection on different approaches and tools, accounting for the complexity and difficulty of the process.

Item Type: Book Section
Uncontrolled Keywords: Online banking, Authentication, Unified modeling language, Databases, Banking, Software ,Microsoft SDL tool, threat modeling approaches, architectural designs security, e-banking application, cyber security attacks, critical information assets protection, software development lifecycle
Subjects: G400 Computer Science
Divisions: Faculty of Computing, Engineering and the Built Environment
Faculty of Computing, Engineering and the Built Environment > School of Computing and Digital Technology
Faculty of Computing, Engineering and the Built Environment > School of Computing and Digital Technology > Cyber Security
UoA Collections > UoA11: Computer Science and Informatics
Depositing User: Oana-Andreea Dumitrascu
Date Deposited: 06 Apr 2017 14:36
Last Modified: 11 May 2017 16:13
URI: http://www.open-access.bcu.ac.uk/id/eprint/4209

Actions (login required)

View Item View Item

Research

In this section...