
A risk-centric defensive architecture for threat modelling in e-government application


Publisher
Inderscience Publishers
Copyright
Copyright © Inderscience Enterprises Ltd
ISSN
1740-7494
eISSN
1740-7508
DOI
10.1504/EG.2018.089537

Abstract

Software engineering plays a vital role in improving the security of an e-government. Several risks exist during the development of an e-government application. To analyse those risks, a threat modelling methodology is used, which is defined as the process of understanding and addressing the threats to an application. Threat modelling is used to determine security controls and countermeasures for the targeting attacks. This paper describes an approach to identify how far an attack penetrates the risk layers and how the model defends against an attacker in e-government systems. The relevant attacks are retrieved from attack pattern information gathered from MITRE's Common Attack Pattern Enumeration and Classification (CAPEC) security source. The architecture dynamically identifies the risk severity and prioritises the risk in a single step. An attack pattern is applied to the risk-centric defensive architecture model to identify threat severity, and it is prioritised based on its impact. We validate the risk-centric defensive architecture model by implementing it in a tool based on data flow diagrams (DFDs), from the Microsoft security development methodology.

Journal

Electronic Government, an International Journal
Inderscience Publishers

Published: Jan 1, 2018
