Institute for Software Research
School of Computer Science, Carnegie Mellon University


STRIDE-based Security Model in Acme

Marwan Abi-Antoun*, Jeffrey M. Barnes**

January 2010

Keywords: Threat modeling, data flow diagrams, architecture-level security analysis, spoofing, tampering, information disclosure, denial of service, architectural description language, Acme

In earlier work, Abi-Antoun, Wang and Torr defined a model for reasoning about security at the architectural-level, following the STRIDE methodology, which looks for vulnerabilities in the areas of Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege.

The previous security model and checker were implemented using custom code. We now formalize the same model using ADL support for architectural types and properties, and define the checks as logic predicates. Using an ADL gives the benefit of having a declarative model, with less room for error compared to custom code. Moreover, with such a model, power users can more easily add properties and predicates to extend or customize the security analysis.

16 pages

*Department of Computer Science, Wayne State University
**Institute for Software Research, Carnegie Mellon

Return to: SCS Technical Report Collection
School of Computer Science homepage

This page maintained by