Full-Text Articles in Entire DC Network
Threat Modelling With STRIDE And UML, Michael N. Johnstone
Australian Information Security Management Conference
Threat modelling as part of risk analysis is seen as an essential part of secure systems development. Microsoft’s Security Development Lifecycle (SDL) is a well-known software development method that places security at the forefront of product initiation, design and implementation. As part of SDL, threat modelling produces data flow diagrams (DFDs) as key artefacts and uses those diagrams as mappings with STRIDE to identify threats. This paper uses a standard case study to illustrate the effects of using an alternative process model (UML activity diagrams) with STRIDE and suggests that using a more modern process diagram can generate a more …
A Comparison Of Laboratory And Vulnerability Evaluation Methods For The Testing Security Equipment, Benjamin Beard, David J. Brooks
Australian Security and Intelligence Conference
A facility-wide security system cannot be tested without causing disruption or creating vulnerabilities within the system. To overcome this issue, individual components or equipment may be evaluated to an a priori performance standard. The two common approaches to security equipment evaluations are vulnerability attacks and laboratory testing. Laboratory testing of security equipment can reduce the costs and time associated with evaluations, as well as limiting the subjectivity of the tests. Vulnerability attacks will produce more realistic evaluation results of the whole security system; nevertheless, the data obtained is dependent on the physical attributes and skill of the attackers. This study …