Using Malware Analysis to Identify Overlooked Security Requirements (MORE)
Despite the reported attacks on critical systems, operational techniques such as malware analysis are not used to inform early lifecycle activities, such as security requirements engineering. In our CERT research, it was thought that malware analysis reports (found in databases such as Rapid7) could be used to identify misuse cases that pointed towards overlooked security requirements. If such requirements could be identified, they could be incorporated into future systems that were similar to those that were successfully attacked. A process was defined, and then a CMU project was sponsored to develop a tool. The hope was that the malware report databases were amenable to automated processing, and that they would point to flaws such as those documented in the CWE and CAPEC databases. It turned out to not be so simple. This talk will describe our initial research results, and the research remaining to be done in both the requirements and architecture areas.
IEEE NIU Student Branch Computer Society Chapter and Rock River Valley Section Women in Engineering Event.
Presentation by Dr. Nancy Mead, Carnegie Mellon University
Speakers
Nancy Mead
Biography:
Dr. Nancy R. Mead is a Fellow of the Software Engineering Institute (SEI), and an Adjunct Professor of Software Engineering at Carnegie Mellon University. Her research areas are security requirements engineering and software assurance curricula. The Nancy Mead Award for Excellence in Software Engineering Education is named for her.
Prior to joining the SEI, Mead was a senior technical staff member at IBM Federal Systems, where she spent most of her career in the development and management of large real-time systems. She also worked in IBM’s software engineering technology area and managed IBM Federal Systems’ software engineering education department. She has developed and taught numerous courses on software engineering topics, both at universities and in professional education courses.
Mead has more than 150 publications and invited presentations. She is a Life Fellow of the IEEE, a Distinguished Member of the ACM, and was named the 2015 Distinguished Educator by IEEE TCSE. Dr. Mead received her PhD in mathematics from the Polytechnic Institute of New York.