Note: This page is part of the us-cert.gov archive.

This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

Note: This page is part of the us-cert.gov archive.

This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

Attack Pattern References

Original release date: November 07, 2006 Author(s): Sean Barnum Amit Sethi Maturity Levels and Audience Indicators: / E  SDLC Life Cycles: Requirements  Testing  Copyright: Copyright © Cigital, Inc. 2005-2007. Cigital retains copyrights to this material.

Abstract

Content area bibliography.

[Alexander 64]

Alexander, Christopher. Notes on the Synthesis of Form. Cambridge, MA: Harvard University Press, 1964.

[Alexander 77]

Alexander, Christopher; Ishikawa, Sara; & Silverstein, Murray. A Pattern Language. New York, NY: Oxford University Press, 1977.

[Alexander 79]

Alexander, Christopher. A Timeless Way of Building. New York, NY: Oxford University Press, 1979.

[DOA 88]

Department of the Army. AR 380-5 Department of the Army Information Security Program, Classified Document and Materiel Storage (1988).

[Gamma 95]

Gamma, E.; Helm, R.; Johnson, R.; & Vlissides, J. Design Patterns: Elements of Reusable Object-Oriented Software. Boston, MA: Addison-Wesley, 1995.

[Gegick 05]

Gegick, Michael & Williams, Laurie. “Matching Attack Patterns to Security Vulnerabilities in Software-Intensive System Designs.” ACM SIGSOFT Software Engineering Notes, Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications SESS '05, Volume 30, Issue 4. New York, NY: ACM Press, 2005.

[Graff 03]

Graff, Mark & van Wyk, Kenneth. Secure Coding: Principles and Practices. Sebastopol, CA: O’Reilly and Associates, 2003.

[Hoglund 04]

Hoglund, Greg & McGraw, Gary. Exploiting Software: How to Break Code. Boston, MA: Addison-Wesley, 2004 (ISBN 0-2017-8695-8).

[Howard 02]

Howard, M.; & LeBlanc, D. Writing Secure Code. Redmond, WA: Microsoft Press, 2002.

[Kienzle 01]

Kienzle, Darrell & Elder, Matthew. Security Patterns (2001).

[Koizol 04]

Koizol, Jack; Litchfield, D.; Aitel, D.; Anley, C.; Eren, S.; Mehta, N.; & Riley. H. The Shellcoder's Handbook: Discovering and Exploiting Security Holes. Indianapolis, IN: Wiley, 2004 (ISBN 0764544683).

[Leveson 83]

Leveson, Nancy G. & Stolzy, Janice L. “Safety analysis of ada programs using fault trees.” IEEE Transactions on Reliability R-32, 5 (December 1983): 479-484.

[Leveson 04]

Leveson, Nancy. “A Systems-Theoretic Approach to Safety in Software-Intensive Systems.” IEEE Transactions on Dependable and Secure Computing 1, 1 (January-March 2004): 66-86. 

[McGraw 06]

McGraw, Gary. Software Security: Building Security In. Boston, MA: Addison-Wesley, 2006. http://www.buildingsecurityin.com

[Moore 01]

Moore, A. P.; Ellison, R. J.; & Linger, R. C. Attack Modeling for Information Security and Survivability (CMU/SEI-2001-TN-001, ADA388771). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2001. 

[ReliaSoft 03]

ReliaSoft. Fault Tree Analysis, Reliability Block Diagrams and the BlockSim FTI Edition, 2003.

[Schneier 99]

Schneier, Bruce. “Attack Trees: Modeling Security Threats.” Dr. Dobb’s Journal, December, 1999.

[Schumacher 06a]

Schumacher, M.; Fernandez-Buglioni, E.; Hybertson, D.; Buschmann, F. & Sommerlad, P. Security Patterns: Integrating Security and Systems Engineering. New York, NY: John Wiley & Sons, 2006.

[Schumacher 06b]

Schumacher, Markus. SecurityPatterns.Org.  (2006).

[Swiderski 04]

Swiderski, F. & Snyder, W. Threat Modeling. Redmond, WA: Microsoft Press (2004).

[Vesely 81]

Vesely, W. E.; Goldberg, F. F.; Roberts, N. H.; & Haasl, D. H. Fault Tree Handbook (NUREG-0492). Washington, DC: Systems and Reliability Research, Office of Nuclear Regulatory Research, U.S. Nuclear Regulatory Commission, 1981.

[Viega 01]

Viega, John & McGraw, Gary. Building Secure Software: How to Avoid Security Problems the Right Way. Boston, MA: Addison-Wesley, 2001.

[Whittaker 03]

Whittaker, James. How to Break Software Security: Effective Techniques for Security Testing. Boston, MA: Addison-Wesley, 2003.

Copyright © Cigital, Inc. 2005-2007. Cigital retains copyrights to this material.

Permission to reproduce this document and to prepare derivative works from this document for internal use is granted, provided the copyright and “No Warranty” statements are included with all reproductions and derivative works.

For information regarding external or commercial use of copyrighted materials owned by Cigital, including information about “Fair Use,” contact Cigital at copyright@cigital.com.

The Build Security In (BSI) portal is sponsored by the U.S. Department of Homeland Security (DHS), National Cyber Security Division. The Software Engineering Institute (SEI) develops and operates BSI. DHS funding supports the publishing of all site content.