The Design And Implementation Of Threat Modeling Tool In Extendable Security Software Development Environment

With the popularity of computer and Internet, the demand of security and reliability for software becomes higher than before. Security software engineering aimed at detecting and removing security bugs as early as possible by increasing a series of security attention and improvements during each phase in the software development lifecycle. Threat modeling is the most important process in the security development lifecycle, and its major task is helping analysts and developers to lead the threat medeling and evaluation.Based on the process oriented threat modeling we have proposed an object oriented threat modeling method in order to adapt to the object oriented analysis and design. We described the detail process of how to construct the threat tree model which has AND/OR nodes, designed the algorithm of attacking path searching, set down the evaluation scheme of attack path and threats.We have proposed an architecture overview of extendable security software development environment, designed a set of tools for security software analyzing, designing, developing, shipping and maintaining. They are integrated to Eclipse in the form of plugins and can be used to lead security software development for analysts, designers, developers, testers and maintainers. We have implemented the threat modeling tool in the extendable security softeware development environment. It takes advantage of UseCase diagram to show the overview of the application or system and uses activity diagram to decompose the application or system, obtains the information of asset in the application or system. It uses the threat tree model to evaluate the attack path and threat, gains the information of threat and scheme, outputs all of the information in the form of XML, converts to HTML by XSL, and forms the security software development documents of design phase which can be viewed by browser.Based on the work mentioned above, an application of online bank is designed to demonstrate the validity of object oriented threat modeling method and its effect of efficiently detecting and removing security bugs in design phase by using the tool to model and analyze the application. It also shows that the tool is practical and reliable.