Misuse Cases + Assets + Security Goals

@article{Okubo2009MisuseC,
  title={Misuse Cases + Assets + Security Goals},
  author={Takao Okubo and Kenji Taguchi and Nobukazu Yoshioka},
  journal={2009 International Conference on Computational Science and Engineering},
  year={2009},
  volume={3},
  pages={424-429}
}
Security is now the most critical feature of any computing systems. Eliciting and analyzing security requirements in the early stages of the system development process is highly recommended to reduce security vulnerabilities which might be found in the later stages of the system development process. In order to address this issue, we will propose a new extension of the misuse case diagram for analyzing and eliciting security requirements with special focus on assets and security goals. We will… 

Figures from this paper

MASG: Advanced Misuse Case Analysis Model with Assets and Security Goals
TLDR
An extension of misuse case model and its development process is presented by incorporating new model elements, assets and security goals to enable inexperienced requirements analysts to elicit and to analyse security requirements.
MASG: Advanced Misuse Case Analysis Model with Assets and Security Goals
TLDR
An extension of misuse case model and its development process is presented by incorporating new model elements, assets and security goals to enable inexperienced requirements analysts to elicit and to analyse security requirements.
GRACE TECHNICAL REPORTS Security Requirements Analysis and Validation with Misuse Cases and Institutional Modelling
TLDR
It is shown how any state of the system can be verified with respect to the events that brought about that state, and how the same traces enable: identification of possible times and causes of security breaches and establishment of possible consequences of security violations.
Eliciting Security Requirements for an Information System using Asset Flows and Processor Deployment
TLDR
The authors convert a use-case description into a variation of a data flow diagram called an asset-flow diagram AFD and refine the AFDs based on a processor deployment diagram PDD, which gives information about a system architecture.
Designing Secure Software by Testing Application of Security Patterns
TLDR
The authors propose an application to design software systems with verification of security patterns using model testing, which provides extended security patterns, which include requirement- and design-level patterns as well as a new designing and model testing process that uses these patterns.
TESEM: A Tool for Verifying Security Design Pattern Applications by Model Testing
TLDR
This work proposes extended security patterns, which include requirement-and design-level patterns as well as a new model testing process that supports pattern applications by creating a script to execute model testing automatically and verifies whether the security patterns are properly applied.
Aligning Security Requirements and Security Assurance Using the Common Criteria
This paper presents a new approach, which attempts to provide a basic framework in which security requirements and security assurance can be aligned in a uniform and concise way in a single
A Framework for Security Requirements Elicitation
TLDR
The framework proposed by combining CLASP, Misuse cases and Secure TROPOS contains the strengths of three security requirements elicitation techniques and is flexible and contains fifteen steps to elicit security requirements.
Identification, Implementation and Validation of Authentication and Authorization pattern in Distributed System using Spring Security Framework
TLDR
Main aim is to identify the J2EEE pattern which can be implemented in spring Security Framework with the help of available Classes of Spring Security and this framework is more concern about Authentication and Authorization.
Risk Centric Threat Modeling- A Misuse Case based approach
TLDR
An extended version of misuse case model is proposed, which incorporates ‘assets, vulnerabilities and risk-spots’, and a modeling process has been suggested for helping the designers to model security related risks in an effective manner during the requirements phase, itself.
...
...

References

SHOWING 1-10 OF 11 REFERENCES
Security quality requirements engineering (SQUARE) methodology
TLDR
A model developed by the Software Engineering Institute's Networked Systems Survivability (NSS) Program is presented, and two case studies where the model was applied to a client system are examined.
Using abuse case models for security requirements analysis
  • J. McDermott, C. Fox
  • Computer Science
    Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99)
  • 1999
TLDR
A proven object oriented modeling technique is adapted, use cases, to capture and analyze security requirements in a simple way, and its relationship to other security engineering work products is relatively simple, from a user perspective.
Web security patterns for analysis and design
TLDR
A visualized analysis approach for eliciting security requirements by extending misuse cases is presented, and it is found that some of its results can be pattern candidates.
Eliciting security requirements by misuse cases
  • G. Sindre, A. Opdahl
  • Computer Science
    Proceedings 37th International Conference on Technology of Object-Oriented Languages and Systems. TOOLS-Pacific 2000
  • 2000
TLDR
This paper suggests how this can be done, extending the diagrams with misuse cases, which makes it possible to represent actions that the system should prevent, together with those actions which it should support.
Elaborating security requirements by construction of intentional anti-models
  • A. V. Lamsweerde
  • Computer Science
    Proceedings. 26th International Conference on Software Engineering
  • 2004
TLDR
The paper presents a constructive approach to the modeling, specification and analysis of application-specific security requirements, based on a goal-oriented framework for generating and resolving obstacles to goal satisfaction.
Security Requirements Engineering: A Framework for Representation and Analysis
TLDR
The framework is based on constructing a context for the system, representing security requirements as constraints, and developing satisfaction arguments for the security requirements, and is evaluated by applying it to a security requirements analysis within an air traffic control technology evaluation project.
Eliciting security requirements with misuse cases
TLDR
This paper presents a systematic approach to eliciting security requirements based on use cases, with emphasis on description and method guidelines, and is potentially useful for several other types of extra-functional requirements beyond security.
Security Use Cases
TLDR
This column provides examples and guidelines for properly specifying essential (i.e., requirements-level) security use cases for engineering security requirements.
Security and privacy requirements analysis within a social setting
  • Lin Liu, E. Yu, J. Mylopoulos
  • Computer Science
    Proceedings. 11th IEEE International Requirements Engineering Conference, 2003.
  • 2003
TLDR
A methodological framework for dealing with security and privacy requirements based on i*, an agent-oriented requirements modeling language is proposed, which supports a set of analysis techniques and helps identify potential system abusers and their malicious intents.
Modelling the Interplay of Conflicting Goals with Use and Misuse Cases
TLDR
An economical set of four relationships is suggested: threatens, mitigates, aggravates, conflicts with and gives examples of three general types of situation in which these relationships between friendly and hostile goals help to define business situations.
...
...