Rapid application security threat analysis
Abstract
The following subject matter provides for modeling an application's potential security threats at a logical component level early in the design phase of the application. Specifically, in a computer system, multiple model components are defined to represent respective logical elements of the application. Each model component includes a corresponding set of security threats that could potentially be of import not only to the component but also to the application as a whole in its physical implementation. The model components are interconnected to form a logical model of the application. One or more potential security threats are then analyzed in terms of the model components in the logical model.
36 Claims
1. In a computer system, a method for providing application security threat-modeling, the method comprising:
defining a plurality of model components to represent respective elements of an application, each model component comprising a respective set of potential security threats;
interconnecting the model components to form a logical model of the application; and
analyzing one or more of the potential security threats in terms of the model components in the logical model.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A computer-readable medium comprising computer-executable instructions for providing application security threat-modeling, the computer-executable instructions comprising instructions for:
defining a plurality of model components to represent respective elements of an application, each model component comprising a respective set of potential security threats;
interconnecting the model components to form a logical model of the application; and
analyzing one or more of the potential security threats in terms of the model components in the logical model.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
21. A device comprising:
a memory comprising computer-executable instructions for providing application security threat-modeling;
a processor that is operatively coupled to the memory, the processor being configured to fetch and execute the computer-executable instructions from the memory, the computer-executable instructions comprising instructions for:
defining a plurality of model components to represent respective elements of an application, each model component comprising a respective set of potential security threats;
interconnecting the model components to form a logical model of the application; and
analyzing one or more of the potential security threats in terms of the model components in the logical model.
Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29, 30
31. A user interface for application security threat-modeling, the user interface comprising:
means for displaying and interconnecting a plurality of model components to design a logical model of an application, at least a subset of the model components comprising a corresponding set of potential security threat characteristics;
means for specifying a component of the model components; and
means for addressing one or more of the potential security threats in terms of the model components in the logical model.
Dependent claims: 32, 33, 34, 35, 36
Specification