Retrieving relevant CAPEC attack patterns for secure software development

Abstract

To improve the security of computer systems, information, and cyberspace, it is critical to engineer more secure software. To develop secure and reliable software, software developers need to have the mindset of an attacker. Attack patterns such as CAPEC are valuable resources that help software developers think like an attacker, and they have the potential to be used in each phase of the secure software development life cycle. However, systematic processes or methods for utilizing existing attack pattern resources are needed. As a first step, this paper describes our ongoing effort to develop a tool that retrieves relevant CAPEC attack patterns for software development. The tool can retrieve the attack patterns most relevant to a particular STRIDE type, as well as those most useful to the software being developed. It can be used in conjunction with the Microsoft SDL threat modeling tool, and it also allows developers to search for CAPEC attack patterns using keywords.
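The two retrieval modes the abstract names (patterns for a STRIDE type, and keyword search) can be illustrated with a small catalog search. The block below is an added example, not the paper's tool or code: it scores entries with a simple TF-IDF-style weighting and applies an optional STRIDE filter. The catalog is a constructed, abridged sample (descriptions are paraphrased, not CAPEC text; verify IDs against capec.mitre.org), and the STRIDE tags on each entry are this example's own assumption, since CAPEC itself does not carry them.

```python
"""Keyword and STRIDE-based retrieval over a small CAPEC-style catalog (illustrative)."""
import math
import re
from collections import Counter

# Constructed sample entries. Descriptions are paraphrased for the example;
# the "stride" tags are an assumption of this example, not part of CAPEC.
CATALOG = [
    {"id": "CAPEC-66", "name": "SQL Injection",
     "description": "Crafted input is interpreted as part of a database SQL query, "
                    "letting the attacker read or modify data.",
     "stride": ["Tampering", "Information Disclosure"]},
    {"id": "CAPEC-63", "name": "Cross-Site Scripting (XSS)",
     "description": "Script content is injected into a web page and runs in another "
                    "user's browser, exposing session data.",
     "stride": ["Tampering", "Information Disclosure"]},
    {"id": "CAPEC-94", "name": "Adversary in the Middle (AiTM)",
     "description": "Traffic between two parties is intercepted and possibly altered "
                    "by a relay the parties do not know about.",
     "stride": ["Spoofing", "Tampering", "Information Disclosure"]},
    {"id": "CAPEC-125", "name": "Flooding",
     "description": "A resource is overwhelmed with requests or data until legitimate "
                    "users are denied service.",
     "stride": ["Denial of Service"]},
    {"id": "CAPEC-233", "name": "Privilege Escalation",
     "description": "An attacker gains rights beyond those granted, often through a "
                    "flaw in access control checks.",
     "stride": ["Elevation of Privilege"]},
    {"id": "CAPEC-268", "name": "Audit Log Manipulation",
     "description": "Log entries are altered or deleted so that actions cannot be "
                    "traced back to the actor.",
     "stride": ["Repudiation", "Tampering"]},
    {"id": "CAPEC-151", "name": "Identity Spoofing",
     "description": "The attacker assumes the identity of another entity to gain its "
                    "trust or access.",
     "stride": ["Spoofing"]},
]

STRIDE_TYPES = ("Spoofing", "Tampering", "Repudiation", "Information Disclosure",
                "Denial of Service", "Elevation of Privilege")

TOKEN_RE = re.compile(r"[a-z0-9]+")


def tokenize(text):
    """Lower-case alphanumeric tokens; no stemming, so 'injected' != 'injection'."""
    return TOKEN_RE.findall(text.lower())


def build_index(catalog):
    """Per-entry term counts plus a smoothed inverse document frequency table."""
    docs = {e["id"]: Counter(tokenize(e["name"] + " " + e["description"])) for e in catalog}
    df = Counter()
    for counts in docs.values():
        df.update(counts.keys())
    n = len(docs)
    idf = {t: math.log((n + 1) / (d + 1)) + 1.0 for t, d in df.items()}
    return docs, idf


def score(query_tokens, doc_counts, idf):
    """TF-IDF-style sum over query terms present in the entry."""
    return sum(doc_counts[t] * idf.get(t, 0.0) for t in query_tokens if t in doc_counts)


def search(catalog, query="", stride=None, top_k=5):
    """Return (score, id, name) tuples: filtered by STRIDE type, ranked by keyword score.

    With no query, every entry tagged with the STRIDE type is returned (score 0.0).
    With a query, entries matching no query term are dropped.
    """
    if stride is not None and stride not in STRIDE_TYPES:
        raise ValueError(f"unknown STRIDE type: {stride!r}")
    docs, idf = build_index(catalog)
    q = tokenize(query)
    results = []
    for entry in catalog:
        if stride is not None and stride not in entry["stride"]:
            continue
        s = score(q, docs[entry["id"]], idf) if q else 0.0
        if q and s == 0.0:
            continue
        results.append((s, entry["id"], entry["name"]))
    # Highest score first; ties broken by id for deterministic output.
    results.sort(key=lambda r: (-r[0], r[1]))
    return results[:top_k]


if __name__ == "__main__":
    for row in search(CATALOG, stride="Tampering"):
        print(row)
    for row in search(CATALOG, query="log entries altered", stride="Repudiation"):
        print(row)
```

The STRIDE filter is what a threat-modeling tool would supply per data-flow element; the keyword path is the developer-driven search. A production version would want stemming or a proper text index, and the STRIDE mapping should be curated rather than guessed per entry.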

DOI: 10.1145/2602087.2602092

Cite this paper

@inproceedings{Yuan2014RetrievingRC, title={Retrieving relevant CAPEC attack patterns for secure software development}, author={Xiaohong Yuan and Emmanuel Borkor Nuakoh and Jodria S. Beal and Huiming Yu}, booktitle={CISR}, year={2014} }