Paper title
Contextualisation of Data Flow Diagrams for security analysis
Paper authors
Paper abstract
Data flow diagrams (DFDs) are popular for sketching systems for subsequent threat modelling. Their limited semantics make reasoning about them difficult, but enriching them endangers their simplicity and subsequent ease of take up. We present an approach for reasoning about tainted data flows in design-level DFDs by putting them in context with other complementary usability and requirements models. We illustrate our approach using a pilot study, where tainted data flows were identified without any augmentations to either the DFD or its complementary models.