Combining Misuse Cases with Attack Trees and Security Activity Models

Combining Misuse Cases with Attack Trees and Security Activity Models

Misuse cases and attack trees have been suggested for security requirements elicitation and threat modeling in software projects. Their use is believed to increase security awareness throughout the software development life cycle. Experiments have identified strengths and weaknesses of both model ty...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Tndel, I.A., Jensen, J., Rstad, L.
Format: Tagungsbericht
Sprache:eng
Schlagworte:
attack tree
Best practices
Computer security
Data security
Information security
misuse case
National security
Programming
requirements
security
Software safety
Statistics
threat models
Tree graphs
Unified modeling language
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Misuse cases and attack trees have been suggested for security requirements elicitation and threat modeling in software projects. Their use is believed to increase security awareness throughout the software development life cycle. Experiments have identified strengths and weaknesses of both model types. In this paper we present how misuse cases and attack trees can be linked to get a high-level view of the threats towards a system through misuse case diagrams and a more detailed view on each threat through attack trees. Further, we introduce links to security activity descriptions in the form of UML activity graphs. These can be used to describe mitigating security activities for each identified threat. The linking of different models makes most sense when security modeling is supported by tools, and we present the concept of a security repository that is being built to store models and relations such as those presented in this paper.
DOI:10.1109/ARES.2010.101