Using Malware Analysis in Security Requirements Elicitation
• Collection
Publisher
Software Engineering Institute
Topic or Tag
Abstract
SEI researchers and CMU students extended this work by creating an open-source tool, MORE, which allows developers to add information and search misuse cases, use cases, and overlooked requirements. Having this information enables developers to build more robust requirements that prevent security weaknesses in their products.
Collection Items
Report Writer and Security Requirements Finder: User and Admin Manuals
• Special Report
By Nancy R. Mead, Anand Sankalp (Carnegie Mellon University), Gupta Anurag (Carnegie Mellon), Priyam Swati (Carnegie Mellon University), Yaobin Wen (Carnegie Mellon University), Walid El Baroni (Carnegie Mellon University)
This report presents instructions for using the Malware-driven Overlooked Requirements (MORE) website applications.
ReadUsing Malware Analysis to Identify Overlooked Security Requirements (MORE)
• Presentation
By Nancy R. Mead
In this presentation, Nancy Mead explains how malware analysis can be used effectively to identify otherwise overlooked security requirements.
Learn MoreUsing Malware Analysis to Improve Security Requirements on Future Systems
• Conference Paper
By Nancy R. Mead, Jose A. Morales
In this paper, the authors propose to improve how security requirements are identified.
ReadA Method and Case Study for Using Malware Analysis to Improve Security Requirements
• Article
By Nancy R. Mead, Jose A. Morales, Gregory Paul Alice
In this article, the authors propose to enhance software development lifecycle models by implementing a process for including use cases based on previous cyberattacks.
ReadUsing Malware Analysis to Tailor SQUARE for Mobile Platforms
• Technical Note
By Gregory Paul Alice, Nancy R. Mead
This technical note explores the development of security requirements for the K-9 Mail application, an open source email client for the Android operating system.
Read