At the last FFI Automotive Security and Privacy Conference, Katja Tuma presented some of the work that she and her colleagues have done in the past four years (links to documents are available below). The focus of their work was on threat modeling and analysis techniques used for designing secure software, in particular, the following deliveries were made:

– A systematic assessment of the state of the art in threat analysis of software systems (paper 1), and a comparative empirical study of two different threat analysis approaches (paper 3).
– A novel threat analysis technique illustrated on scenarios from the HoliSec in-vehicle architecture (paper 2), and evaluated with an empirical case study on a Remote Software Download scenario (paper 4).
– A proposal for a formally based specification language for security extended data-flow diagram (SecDFD, paper 5) with security checks for data confidentiality and integrity.
– A study and tool support for automatically building compliance links between programs implemented in Java and security extended data-flow diagrams (paper 6).
– An empirically evaluated catalog of inspection guidelines for security design flaws (paper 7) and an initial proposal for the automation of the inspection guidelines (paper 8).

This work was conducted by the following researchers:
Katja Tuma, Gothenburg University
Riccardo Scandariato, Gothenburg University
Christian Sandberg, AB Volvo
Urban Thorsson, AB Volvo
Mathias Widman, AB Volvo
Collaborating researchers from Gothenburg University and Chalmers (G. Çalikli, D. Strüber), KTH (M. Balliu), University of Koblenz (S. Peldsuz, J. Jürjens), and KU Leueven (L. Sion, K. Yskout)

[1] Tuma, K., Çalikli, G., & Scandariato, R. (2018). Threat analysis of software systems: A systematic literature review. Journal of Systems and Software, 144, 275-294.

[2] Tuma, K., Scandariato, R., Widman, M., & Sandberg, C. (2017). Towards security threats that matter. In Computer Security (pp. 47-62). Springer, Cham.

[3] Tuma, K., & Scandariato, R. (2018, September). Two Architectural Threat Analysis Techniques Compared. In European Conference on Software Architecture (pp. 347-363). Springer, Cham.

[4] Tuma, K., Sandberg, C., Thorsson, U., Widman, M., & Scandariato, R. (2019). Finding Security Threats That Matter: An Industrial Case Study. arXiv preprint arXiv:1910.03422.

[5] Tuma, K., Scandariato, R., & Balliu, M. (2019, March). Flaws in flows: Unveiling design flaws via information flow analysis. In 2019 IEEE International Conference on Software Architecture (ICSA) (pp. 191-200). IEEE.

[6] Peldszus, S., Tuma, K., Strüber, D., Jürjens, J., & Scandariato, R. Secure Data-Flow Compliance Checks between Models and Code based on Automated Mappings. In the International Conference on Model Driven Engineering Languages and Systems, IEEE.

[7] Tuma, K., Hosseini, D., Malamas, K., & Scandariato, R. (2019). Inspection Guidelines to Identify Security Design Flaws. In European Conference on Software Architecture. Springer, Cham.

[8] Sion, L., Tuma, K., Scandariato, R., Yskout, K., & Joosen, W. (2019). Towards Automated Security Design Flaw Detection. In 2019 34th IEEE/ACM International Conference on Automated Software Engineering Workshop (ASEW). IEEE.

For any questions regarding this work, please contact Katja Tuma