A risk-centric defensive architecture for threat modeling in e-government application
Author: | Maheshwari Venkatasen, Prasanna Mani |
---|---|
Publication year: | 2017 |
Subject: | Public Administration; E-Government; Architecture model; Computer science; Process (engineering); 0211 other engineering and technologies; 020206 networking & telecommunications; 02 engineering and technology; Computer security; computer.software_genre; Security controls; Computer Science Applications; Data flow diagram; Systems development life cycle; 021105 building & construction; Threat model; 0202 electrical engineering, electronic engineering, information engineering; Architecture; computer |
Source: | Electronic Government, an International Journal. 14:1 |
ISSN: | 1740-7508 1740-7494 |
DOI: | 10.1504/eg.2017.10008841 |
Description: | To improve the security of an e-government, software engineering plays a vital role. During the application development for an e-government, there exist several risks. To analyse those risks, a threat modelling methodology is used, which is defined as the process to understand and address the threats of an application. Threat modelling is used to determine security controls and countermeasures for the targeting attacks. This paper describes an approach to identify how far the attack penetrates in risk layers and how the model defends from an attacker in e-government systems. The relevant attacks are retrieved from the attack pattern information gathered from MITRE's Common Attack Pattern Enumeration and Classification (CAPEC) security source. This architecture dynamically identifies the risk severity and prioritises the risk in a single step. An attack pattern is applied to a risk-centric defensive architecture model to identify threat severity, and it is also prioritised based on its impact. We validate the risk-centric defensive architecture model by implementing it in a tool based on data flow diagrams (DFDs), from the Microsoft security development methodology. |
Database: | OpenAIRE |
External link: |