Note: This page is part of the archive.

This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact if you have any questions about the US-CERT website archive.

Attack Pattern References

Author(s): Sean Barnum Amit Sethi Maturity Levels and Audience Indicators: / E  SDLC Life Cycles: Requirements  Testing  Copyright: Copyright © Cigital, Inc. 2005-2007. Cigital retains copyrights to this material.


Content area bibliography.

[Alexander 64]

Alexander, Christopher. Notes on the Synthesis of Form. Cambridge, MA: Harvard University Press, 1964.

[Alexander 77]

Alexander, Christopher; Ishikawa, Sara; & Silverstein, Murray. A Pattern Language. New York, NY: Oxford University Press, 1977.

[Alexander 79]

Alexander, Christopher. A Timeless Way of Building. New York, NY: Oxford University Press, 1979.

[DOA 88]

Department of the Army. AR 380-5 Department of the Army Information Security Program, Classified Document and Materiel Storage (1988).

[Gamma 95]

Gamma, E.; Helm, R.; Johnson, R.; & Vlissides, J. Design Patterns: Elements of Reusable Object-Oriented Software. Boston, MA: Addison-Wesley, 1995.

[Gegick 05]

Gegick, Michael & Williams, Laurie. “Matching Attack Patterns to Security Vulnerabilities in Software-Intensive System Designs.” ACM SIGSOFT Software Engineering Notes, Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications SESS '05, Volume 30, Issue 4. New York, NY: ACM Press, 2005.

[Graff 03]

Graff, Mark & van Wyk, Kenneth. Secure Coding: Principles and Practices. Sebastopol, CA: O’Reilly and Associates, 2003.

[Hoglund 04]

Hoglund, Greg & McGraw, Gary. Exploiting Software: How to Break Code. Boston, MA: Addison-Wesley, 2004 (ISBN 0-2017-8695-8).

[Howard 02]

Howard, M.; & LeBlanc, D. Writing Secure Code. Redmond, WA: Microsoft Press, 2002.

[Kienzle 01]

Kienzle, Darrell & Elder, Matthew. Security Patterns (2001).

[Koizol 04]

Koizol, Jack; Litchfield, D.; Aitel, D.; Anley, C.; Eren, S.; Mehta, N.; & Riley. H. The Shellcoder's Handbook: Discovering and Exploiting Security Holes. Indianapolis, IN: Wiley, 2004 (ISBN 0764544683).

[Leveson 83]

Leveson, Nancy G. & Stolzy, Janice L. “Safety analysis of ada programs using fault trees.” IEEE Transactions on Reliability R-32, 5 (December 1983): 479-484.

[Leveson 04]

Leveson, Nancy. “A Systems-Theoretic Approach to Safety in Software-Intensive Systems.” IEEE Transactions on Dependable and Secure Computing 1, 1 (January-March 2004): 66-86. 

[McGraw 06]

McGraw, Gary. Software Security: Building Security In. Boston, MA: Addison-Wesley, 2006.

[Moore 01]

Moore, A. P.; Ellison, R. J.; & Linger, R. C. Attack Modeling for Information Security and Survivability (CMU/SEI-2001-TN-001, ADA388771). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2001. 

[ReliaSoft 03]

ReliaSoft. Fault Tree Analysis, Reliability Block Diagrams and the BlockSim FTI Edition, 2003.

[Schneier 99]

Schneier, Bruce. “Attack Trees: Modeling Security Threats.” Dr. Dobb’s Journal, December, 1999.

[Schumacher 06a]

Schumacher, M.; Fernandez-Buglioni, E.; Hybertson, D.; Buschmann, F. & Sommerlad, P. Security Patterns: Integrating Security and Systems Engineering. New York, NY: John Wiley & Sons, 2006.

[Schumacher 06b]

Schumacher, Markus. SecurityPatterns.Org.  (2006).

[Swiderski 04]

Swiderski, F. & Snyder, W. Threat Modeling. Redmond, WA: Microsoft Press (2004).

[Vesely 81]

Vesely, W. E.; Goldberg, F. F.; Roberts, N. H.; & Haasl, D. H. Fault Tree Handbook (NUREG-0492). Washington, DC: Systems and Reliability Research, Office of Nuclear Regulatory Research, U.S. Nuclear Regulatory Commission, 1981.

[Viega 01]

Viega, John & McGraw, Gary. Building Secure Software: How to Avoid Security Problems the Right Way. Boston, MA: Addison-Wesley, 2001.

[Whittaker 03]

Whittaker, James. How to Break Software Security: Effective Techniques for Security Testing. Boston, MA: Addison-Wesley, 2003.