Security modeling and the application life cycle
First Claim
Patent Images
1. A system that facilitates security modeling of an application life cycle, comprising:
- an input component that accepts an input; and
a threat modeling component that generates a threat model of the application life cycle based at least in part upon the input.
2 Assignments
0 Petitions
Accused Products
Abstract
A security engineering system and methodology associated with the application life cycle is provided. The subject innovation provides a threat modeling system can be employed to identify threats and vulnerabilities associated with stages of the application life cycle. In accordance therewith, the novel innovation can facilitate identification of common issues that can arise during a threat modeling activity. The innovation can provide for a systematic mechanism to identify threats and/or vulnerabilities in accordance with the application life cycle.
453 Citations
20 Claims
-
1. A system that facilitates security modeling of an application life cycle, comprising:
-
an input component that accepts an input; and
a threat modeling component that generates a threat model of the application life cycle based at least in part upon the input. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A computer-implemented method of modeling performance of an application, comprising:
-
identifying a usage scenario;
identifying a security objective based at least in part upon the usage scenario;
creating an overview of the application; and
identifying a threat based at least in part upon the overview. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
-
-
18. A computer-executable system that facilitates security modeling of an application, comprising:
-
means for identifying a usage scenario associated with the application;
means for identifying a security objective based at least in part upon the usage scenario;
means for establishing an application overview;
means for generating a decomposition of the application to identify at least one of a trust boundary, a data flow, an entry point and an exit point; and
means for identifying a threat based at least in part upon one of the security objective, the application overview and the application decomposition. - View Dependent Claims (19, 20)
-
Specification