Secure System Modeling: Integrating Security Attacks with Statecharts

Software security is becoming an important concern as software applications are increasingly depending on the Internet, an untrustworthy computing environment. Vulnerabilities due to design errors, inconsistencies, incompleteness, and missing constraints in software design can be wrongly exploited by security attacks. Software functionality and security, however, are often handled separately in the development process. Software is designed with the mindset of its functionalities and cost, where the focus is mainly on the operational behavior. Security concerns, on the other hand, are often described in an imprecise way and open to subjective interpretations. This paper presents a threat driven approach that improves on the quality of software through the realization of a more secure model. The approach introduces systematic transformation rules and integration steps for integrating attack tree representations into statechart-based functional models. Through the focus on the behavior of an attack from the perspective of the system behavior, software engineers can clearly define and understand security concerns as software is designed. Security analysis and threat identification are then applied to the integrated model in order to identify and mitigate vulnerabilities at the design level.