AppSecUSA 2012 has ended
Thursday, October 25 • 10:00am - 10:45am
Building Predictable Systems using Behavioral Security Modeling: Functional Security Requirements

Behavioral Security Modeling (BSM), first presented at AppSec USA 2011 in Minneapolis, was conceived as a way of modeling interactions between information and people in terms of socially defined roles and the expected behaviors of the system being designed. By reducing the difference between the expected system behaviors and the actual system behaviors, we can manage the vulnerabilities that are inevitably introduced when the expected and actual system behaviors are out of alignment. BSM asserts that robust, secure information systems are best achieved through carefully modeling human/information interactions in social terms.

Modeling human/information interactions starts with requirements gathering. While traditional security requirements describe how to "keep the bad guys from messing with our stuff," BSM functional requirements seek to define "what the good guys are allowed to do." To address this gap, we have developed a practical, SDLC-agnostic method for gathering functional security requirements: it defines limits on interactions through a series of questions that identify and clarify constraints and uncover hidden ones. We will discuss the development of the methodology and demonstrate its use, as described in our white paper, including early experiences implementing the approach.

John Benninghoff

Security Consultant, Transvasive Security
John Benninghoff started Transvasive Security to develop Behavioral Information Security, a new philosophy of security that draws on knowledge of how people behave and interact with information. He has spoken at national and regional security conferences, and writes regularly for...

Thursday October 25, 2012 10:00am - 10:45am CDT
NTObjectives Room - Texas Ballroom II Hyatt Regency Austin, 208 Barton Springs Road, Austin, TX, 78704
