The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Feb. 07, 2017
Filed:
Mar. 24, 2015
Luca Compagna, La Roquette sur Siagne, FR;
Serena Ponta, Antibes, FR;
Luca Compagna, La Roquette sur Siagne, FR;
Serena Ponta, Antibes, FR;
SAP SE, Walldorf, DE;
Abstract
Embodiments provide apparatuses and methods supporting software development teams in identifying potential security threats, and then testing those threats against under-development scenarios. At design-time, embodiments identify potential threats by providing sequence diagrams enriched with security annotations. Security information captured by the annotations can relate to topics such as security goals, properties of communications channels, environmental parameters, and/or WHAT-IF conditions. The annotated sequence diagram can reference an extensible catalog of functions useful for defining message content. Once generated, the annotated sequence diagram can in turn serve as a basis for translation into a formal model of system security. At run-time, embodiments support development teams in testing, by exploiting identified threats to automatically generate and execute test-cases against the up and running scenario. The security annotations may facilitate detection of subtle flaws in security logic, e.g., those giving rise to Man-in-the-middle, authentication, and/or confidentiality issues in software under-development.