Thursday, October 25 • 10:00am - 10:45am
Building Predictable Systems using Behavioral Security Modeling: Functional Security Requirements


Behavioral Security Modeling (BSM), first presented at AppSec USA 2011 in Minneapolis, was conceived as a way of modeling interactions between information and people in terms of socially defined roles and the expected behaviors of the system being designed. By reducing the difference between the expected system behaviors and the actual system behaviors, we can manage the vulnerabilities that are inevitably introduced when the expected and actual system behaviors are out of alignment. BSM asserts that robust, secure information systems are best achieved through carefully modeling human/information interactions in social terms.

Modeling human/information interactions starts with requirements gathering. While traditional security requirements describe how to "keep the bad guys from messing with our stuff," BSM functional requirements seek to define "what the good guys are allowed to do." To address this gap, we have developed a practical, SDLC-agnostic method for gathering functional security requirements by defining limits on interactions through a series of questions to identify and clarify constraints, as well as uncover hidden constraints. We will discuss the development of the methodology and demonstrate its use, as described in our white paper, including early experiences implementing the approach.


Speakers

John Benninghoff

Security Consultant, Transvasive Security
John Benninghoff started Transvasive Security to develop Behavioral Information Security, a new philosophy of security that draws on knowledge of how people behave and interact with information. He has spoken at national and regional security conferences, and writes regularly for his company blog at transvasive.com.

John began his information security career when he was asked to build and deploy a Network IDS using free...


Thursday October 25, 2012 10:00am - 10:45am
NTObjectives Room - Texas Ballroom II Hyatt Regency Austin, 208 Barton Springs Road, Austin, TX, 78704
