Cybersecurity Engineering Research: Malware Analysis Collection

January 11, 2017 • Collection

This research uses information about previous cyberattacks to enhance requirements elicitation for software development.

Publisher

Software Engineering Institute

Subjects

Software Engineering And Information Assurance

Abstract

In traditional lifecycle models, use cases help developers identify requirements for their systems. Our research explores how developers can mine data from misuse cases to identify security requirements. Such requirements help developers address potential design flaws that can be exploited by attackers thereby resulting in more secure software.

SEI researchers and CMU students extended this work by creating an open-source tool, MORE, which allows developers to add information and search misuse cases, use cases, and overlooked requirements. Having this information enables developers to build more robust requirements that prevent security weaknesses in their products.

Collection Items

Results per page

Using Malware Analysis to Identify Overlooked Security Requirements (MORE)

January 3, 2017 • Presentation

By Nancy R. Mead

In this presentation, Nancy Mead explains how malware analysis can be used effectively to identify otherwise overlooked security requirements.

Learn More

Report Writer and Security Requirements Finder: User and Admin Manuals

June 7, 2016 • Special Report

By Nancy R. Mead, Anand Sankalp (Carnegie Mellon University), Gupta Anurag (Carnegie Mellon), Priyam Swati (Carnegie Mellon University), Yaobin Wen (Carnegie Mellon University), Walid El Baroni (Carnegie Mellon University)

This report presents instructions for using the Malware-driven Overlooked Requirements (MORE) website applications.

Read

Using Malware Analysis to Improve Security Requirements on Future Systems

August 25, 2015 • Conference Paper

By Nancy R. Mead, Jose A. Morales

In this paper, the authors propose to improve how security requirements are identified.

Read

A Method and Case Study for Using Malware Analysis to Improve Security Requirements

January 9, 2015 • Article

By Nancy R. Mead, Jose A. Morales, Gregory Paul Alice

In this article, the authors propose to enhance software development lifecycle models by implementing a process for including use cases based on previous cyberattacks.

Read

Using Malware Analysis to Tailor SQUARE for Mobile Platforms

November 18, 2014 • Technical Note

By Gregory Paul Alice, Nancy R. Mead

This technical note explores the development of security requirements for the K-9 Mail application, an open source email client for the Android operating system.

Read

Software Engineering Institute