Discover Your Island University

Graduate Projects


Project ID: 350
Author: Diana M. Rojas-Barros
Project Title: Integrating Threat Modeling in the Secure
Semester: 1 2010
Committe Chair: Dr. Ahmed Mahdy
Committee Member 1: Dr. Mario Garcia
Committee Member 2: Dr. Ajay Katangur
Project Description: The main objective of this thesis is to integrate threat modeling when developing a software application following the Secure Tropos methodology. Secure Tropos is an agentoriented software development methodology which integrates “security extensions” into all development phases. Threat modeling is used to identify, document, and mitigate security risks, therefore, applying threat modeling when defining the security extensions shall lead to better modeling and increased level of security. After integrating threat modeling into this methodology, security attack scenarios are applied to the models to discuss how the security level of the system has been impacted. A security attack scenario describes an attack situation in a multiagent system. It identifies the agents, their secure capabilities, possible attackers, and their goals. Security attack scenarios have been used to test different enhancements made to the Secure Tropos methodology and the Tropos methodology itself. The system modeled using this methodology is an e-Commerce application that will be used to sell handmade products made in Ecuador through the web. The .NET Model-View-Controller framework is used to develop our case study application. Results show that integrating threat modeling in the development process, the level of security of the modeled application has increased. The different actors, goals, tasks, and security constraints that were introduced based on the proposed integration help mitigate different risks and vulnerabilities.
Project URL:   350.pdf