BEGIN:VCALENDAR
VERSION:2.0
PRODID:IEEE vTools.Events//EN
CALSCALE:GREGORIAN
BEGIN:VTIMEZONE
TZID:US/Central
BEGIN:DAYLIGHT
DTSTART:20210314T030000
TZOFFSETFROM:-0600
TZOFFSETTO:-0500
RRULE:FREQ=YEARLY;BYDAY=2SU;BYMONTH=3
TZNAME:CDT
END:DAYLIGHT
BEGIN:STANDARD
DTSTART:20211107T010000
TZOFFSETFROM:-0500
TZOFFSETTO:-0600
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=11
TZNAME:CST
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTSTAMP:20210528T063839Z
UID:13080A5B-1759-43E6-9835-A1290BE7B9B3
DTSTART;TZID=US/Central:20210422T190000
DTEND;TZID=US/Central:20210422T200000
DESCRIPTION:Despite the reported attacks on critical systems\, operational 
 techniques such as malware analysis are not used to inform early lifecycle
  activities\, such as security requirements engineering. In our CERT resea
 rch\, it was thought that malware analysis reports (found in databases suc
 h as Rapid 7)\, could be used to identify misuse cases that pointed toward
 s overlooked security requirements. If such requirements could be identifi
 ed\, they could be incorporated into future systems that were similar to t
 hose that were successfully attacked. A process was defined\, and then a C
 MU project was sponsored to develop a tool. The hope was that the malware 
 report databases were amenable to automated processing\, and that they wou
 ld point to flaws such as those documented in the CWE and CAPEC databases.
  It turned out to not be so simple. This talk will describe our initial re
 search results\, and the research remaining to be done in both the require
 ments and architecture areas.\n\nIEEE NIU Student Branch Computer Society 
 Chapter and Rock River Valley Section Women in Engineering Event.\n\nPrese
 ntation by Dr. Nancy Mead\, Carnegie Mellon University\n\nCo-sponsored by:
  RRVS Women in Engineering (WIE)\n\nSpeaker(s): Nancy Mead\, \n\nDeKalb\, 
 Illinois\, United States\, Virtual: https://events.vtools.ieee.org/m/26989
 6
LOCATION:DeKalb\, Illinois\, United States\, Virtual: https://events.vtools
 .ieee.org/m/269896
ORGANIZER:d.zinger@ieee.org
SEQUENCE:8
SUMMARY:Using Malware Analysis to Identify Overlooked Security Requirements
  (MORE)
URL;VALUE=URI:https://events.vtools.ieee.org/m/269896
X-ALT-DESC:Description: <br /><p>Despite the reported attacks on critical s
 ystems\, operational techniques such as malware analysis are not used to i
 nform early lifecycle activities\, such as security requirements engineeri
 ng. In our CERT research\, it was thought that malware analysis reports (f
 ound in databases such as Rapid 7)\, could be used to identify misuse case
 s that pointed towards overlooked security requirements. If such requireme
 nts could be identified\, they could be incorporated into future systems t
 hat were similar to those that were successfully attacked. A process was d
 efined\, and then a CMU project was sponsored to develop a tool. The hope 
 was that the malware report databases were amenable to automated processin
 g\, and that they would point to flaws such as those documented in the CWE
  and CAPEC databases. It turned out to not be so simple. This talk will de
 scribe our initial research results\, and the research remaining to be don
 e in both the requirements and architecture areas.</p>\n<p>&nbsp\;</p>\n<p
 >IEEE NIU Student Branch Computer Society Chapter and Rock River Valley Se
 ction Women in Engineering Event.</p>\n<p>Presentation by Dr. Nancy Mead\,
 &nbsp\;Carnegie Mellon University&nbsp\;</p>
END:VEVENT
END:VCALENDAR