Abuse-case-based assurance arguments

McDermott, John

doi:10.1109/acsac.2001.991553

Cited by 42 publications

(42 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [13,14] McDermott and Fox have proposed abuse cases to explore how threats and countermeasures could be modelled using standard UML use case but keeping abuse cases in a separate model. Abuse case focusses on security requirements whereas our approach is aligned with ISSRM and focusses on the overall security risk management.…”

Section: Misuse Casesmentioning

confidence: 99%

Towards Security Risk-Oriented Misuse Cases

Soomro

Ahmed

2013

Business Process Management Workshops

View full text Add to dashboard Cite

Abstract. Security has turn out to be a necessity of information systems (ISs) and information per se. Nevertheless, existing practices report on numerous cases when security aspects were considered only at the end of the development process, thus, missing the systematic security analysis. Misuse case diagrams help identify security concerns at early stages of the IS development. Despite this fundamental advantage, misuse cases tend to be rather imprecise; they do not comply with security risk management strategies, and, thus, could lead to misinterpretation of the security-related concepts. Such limitations could potentially result in poor security solutions. This paper applies a systematic approach to understand how misuse case diagrams could help model organisational assets, potential risks, and security countermeasures to mitigate these risks. The contribution helps understand how misuse cases could deal with security risk management and support reasoning for security requirements and their implementation in the software system. Keywords: Security risk management, Misuse cases, Security engineering, Information system security IntroductionDuring the last two decades, line between digital and social life is diminishing, leading that modern society is mainly dependent on information system (IS) and its security. The demand for IS security is constantly growing. Also developing and maintaining system security is increasingly gaining attention. Consideration of IS security at the early stages of software development is also acknowledged in [18]. The security breaches in IS can lead to the negative consequences. The practitioners of IS security must inspect security threats with a negative perspective from the very beginning of IS development process. Consideration of security at early development stages assists to analyse and estimate security measures of the IS to be developed. This paper discusses the security risk management at requirement elicitation and analysis stage. We will consider the question "how security risk management could be addressed using misuse case diagrams?". To answer this question we analyse misuse cases proposed by Sindre and Opdahl [18]. The misuse case diagrams [17,18] are one of the possible techniques to relate security analysis and functional requirements of software systems. The main goal is to model negative scenarios with respect to func-

show abstract

Section: Misuse Casesmentioning

confidence: 99%

Towards Security Risk-Oriented Misuse Cases

Soomro

Ahmed

2013

Business Process Management Workshops

View full text Add to dashboard Cite

show abstract

“…Several notations have been proposed for threat modeling, such as threat trees (a variation of fault trees for safety analysis) [15], threat nets [9,12], and misuse cases (based on use case modeling) [8,10]. Threat nets are based on Petri nets, a mathematically based formalism for modeling and verifying distributed systems.…”

Section: Background and Related Workmentioning

confidence: 99%

“…To date, researchers have developed various security testing techniques. These include techniques that generate test cases or identify vulnerabilities focusing on specific attacks, such as SQL injection or cross-site scripting (XSS) [4][5][6][7]; generate test cases using model-based approaches, such as threat modeling or use case modeling [8][9][10][11][12]; and generate test cases from control policy specifications [13,14] (Section 2 provides details).…”

Section: Introductionmentioning

confidence: 99%

A threat model‐based approach to security testing

Marback

et al. 2012

Softw Pract Exp

View full text Add to dashboard Cite

SUMMARYSoftware security issues have been a major concern in the cyberspace community, so a great deal of research on security testing has been performed, and various security testing techniques have been developed. Threat modeling provides a systematic way to identify threats that might compromise security, and it has been a well-accepted practice by the industry, but test case generation from threat models has not been addressed yet. Thus, in this paper, we propose a threat model-based security testing approach that automatically generates security test sequences from threat trees and transforms them into executable tests. The security testing approach we consider consists of three activities in large: building threat models with threat trees; generating security test sequences from threat trees; and creating executable test cases by considering valid and invalid inputs. To support our approach, we implemented security test generation techniques, and we also conducted an empirical study to assess the effectiveness of our approach. The results of our study show that our threat tree-based approach is effective in exposing vulnerabilities.

show abstract

“…Several notations have been proposed for threat modeling, such as threat trees (a variation of fault trees for safety analysis) [19], threat nets (based on Petri nets) [15,24], misuse cases (based on use case modeling) [4,18]. Obviously, threat models can be used to generate security tests for exercising whether the implementation is resistant from the identified security threats.…”

Section: Background and Related Workmentioning

confidence: 99%