Abstract
This paper is talking about Microsoft’s initiatives in delivering more secure software. The first part of the paper defines the Trustworthy Computing initiative and will highlight the security pillar of this initiative. I will explain the security framework called SD3+C and give some examples what we did in each part of this framework.
The second part highlights one specific element of the initiative called STRIDE threat modelling. Under impulse of the Trustworthy Computing initiative, each product development needs to go through STRIDE. We want to encourage designers in general to include threat modelling into the design process. The STRIDE model can be very helpful to achieve this. STRIDE should be seen as a two phase approach. In the first phase, designers will use the model to look to their architectures through the eyes of a hacker. The outcome will be a prioritized list of threats. In a second phase the designers need to mitigate this high priority threats. STRIDE will help them to include threat modelling into their design process and to ask the right questions.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Microsoft: Next Generation Secure Computing Base. Editor: Microsoft Web: http://www.microsoft.com/ngscb, Microsoft, 2003.
Meier, J.D. et al. Microsoft: Improving Web Application Security: Threats and countermeasures. Editor: Microsoft patterns & practices Web: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/ ThreatCounter.asp, Microsoft, 2003.
Howard, Michael and LeBlanc David Name: Writing Secure Code Second Edition. Editor: Microsoft, Microsoft Press, 2003.
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 2004 Friedr. Vieweg & Sohn Verlagsgesellschaft/GWV Fachverlage GmbH,Wiesbaden
About this chapter
Cite this chapter
Bjones, R. (2004). Delivering more Secure Software. In: Securing Electronic Business Processes. Vieweg+Teubner Verlag. https://doi.org/10.1007/978-3-322-84982-3_7
Download citation
DOI: https://doi.org/10.1007/978-3-322-84982-3_7
Publisher Name: Vieweg+Teubner Verlag
Print ISBN: 978-3-528-05887-6
Online ISBN: 978-3-322-84982-3
eBook Packages: Springer Book Archive