Software Artifact Repository Project:

This project provides a repository of software artifacts for software assurance education. The artifacts include representative results from interdependent development and assurance activities for security-critical software as shown in the following figure:

(figure not reproduced)

• Security requirement specifications: These artifacts result from eliciting and analyzing security requirements. They include use cases, misuse cases, security use cases (also called mitigation use cases), and class/sequence diagrams that realize use cases and security use cases.

• Access control policies: These artifacts result from analyzing and specifying software security policies, particularly access control policies.

• Threat models: These artifacts result from design-level modeling of security threats (i.e., potential attacks) and security risk assessment.

• Security test models: These artifacts result from analyzing security test requirements—part of security testing. Security test models describe the components that testers need to examine to ensure security. They include specifications of security policies and security threats.

• Security test cases: One security testing activity is to create and run security test cases—a sequence of test inputs together with the expected result (i.e., oracle value) for each test input. A test case can be a non-executable script or a piece of executable code. Testers can create test cases manually or generate them automatically with a tool such as MISTA.

• Vulnerability models: These artifacts result from risk assessment and vulnerability management. The proposed vulnerability models cover both design-level and implementation-level vulnerabilities of each subject program.

• Source code including original code and security mutants: These artifacts result from security mutation analysis, which injects vulnerabilities into a given program (typically source code) according to a vulnerability model. A security mutant is a variation of the original code with one injected vulnerability. Security mutation analysis provides an important approach for measuring the effectiveness and adequacy of security assurance. For example, testers can measure the vulnerability detection rate, which is the number of vulnerabilities detected by an assurance technique divided by the total number of injected vulnerabilities.
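As an added illustration (constructed for this page, not an artifact from the repository or a subject program), the following Python shows security mutation analysis on a small access-control check: three security mutants, each injecting one vulnerability from a constructed vulnerability model, a set of security test cases with oracle values, and the resulting vulnerability detection rate. The policy, mutant names and test inputs are all assumptions.

```python
from typing import Callable, Dict, List, Tuple

Policy = Callable[[str, str, str, bool], bool]
TestCase = Tuple[Tuple[str, str, str, bool], bool]  # (inputs, expected result)

def original(user: str, role: str, owner: str, is_public: bool) -> bool:
    """Access-control policy under test (assumed): admins and the document
    owner may read any document; everyone else may read only public ones."""
    if role == "admin" or user == owner:
        return True
    return is_public

# Security mutants: each is the original with exactly one injected
# vulnerability, named after an entry of a constructed vulnerability model.
def missing_owner_check(user, role, owner, is_public):
    return role == "admin" or is_public        # owner's access dropped

def authorization_removed(user, role, owner, is_public):
    return True                                # every request is granted

def public_flag_ignored(user, role, owner, is_public):
    return role == "admin" or user == owner    # public documents locked down

MUTANTS: Dict[str, Policy] = {
    "missing_owner_check": missing_owner_check,
    "authorization_removed": authorization_removed,
    "public_flag_ignored": public_flag_ignored,
}

# Constructed security test cases: test inputs plus the oracle value.
TEST_CASES: List[TestCase] = [
    (("alice", "user", "alice", False), True),   # owner reads own private doc
    (("bob", "admin", "alice", False), True),    # admin reads anyone's doc
    (("carol", "user", "alice", False), False),  # stranger denied private doc
]
# Extra case exercising the public-document path; deliberately left out above.
EXTRA_TEST: TestCase = (("carol", "user", "alice", True), True)

def detected_mutants(tests: List[TestCase]) -> Dict[str, bool]:
    """A mutant is detected (killed) when at least one test case fails on it."""
    return {name: any(mutant(*inputs) != expected for inputs, expected in tests)
            for name, mutant in MUTANTS.items()}

def vulnerability_detection_rate(tests: List[TestCase]) -> float:
    """Detected vulnerabilities divided by the total injected vulnerabilities."""
    results = detected_mutants(tests)
    return sum(results.values()) / len(results)
```

With TEST_CASES alone the public_flag_ignored mutant survives, so the rate is 2/3; adding EXTRA_TEST raises it to 1.0, which is exactly the adequacy signal mutation analysis is meant to give.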