Defining Misuse within the Development Process

Peterson, Gunnar; Steven, John

doi:10.1109/msp.2006.149

Cited by 18 publications

(6 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Sindre and Opdahl give "get privileges" as a misuse case for "register customer" use case [16]. Peterson and Steven give "inject commands" as a misuse case for "review account" in a banking system [12]. Rostad gives "overflow attack" as a misuse for "enter user name" use case, which is mitigated by "input validation" [14].…”

Section: Orphan Misuses Anti-patternmentioning

confidence: 99%

An Anti-pattern for Misuse Cases

Dashti

Radomirović

2017

Computer Security

View full text Add to dashboard Cite

Abstract. Misuse case analysis is a method for the elicitation, documentation, and communication of security requirements. It builds upon the well-established use case analysis method and is one of the few existing techniques dedicated to security requirements engineering. We present an anti-pattern for applying misuse cases, dubbed "orphan misuses." Orphan misuse cases by and large ignore the system at hand, thus providing little insight into its security. Common symptoms include implementation-dependent threats and overly general, vacuous mitigations. We illustrate orphan misuse cases through examples, explain their negative consequences in detail, and give guidelines for avoiding them.

show abstract

Section: Orphan Misuses Anti-patternmentioning

confidence: 99%

An Anti-pattern for Misuse Cases

Dashti

Radomirović

2017

Computer Security

View full text Add to dashboard Cite

show abstract

“…A:12 L. Yeo et al these scenarios in the workflow [Gupta and Winstead 2007;Peterson and Steven 2006;Phillips and Swiler 1998]. The model could also be extended to consider the additional risk reduction afforded by the purchase of so-called "cyberinsurance."…”

Section: Appendix a Data Generationmentioning

confidence: 99%

Risk Mitigation Decisions for IT Security

Yeo

Rolland

Ulmer

et al. 2014

ACM Trans. Manage. Inf. Syst.

View full text Add to dashboard Cite

Enterprises must manage their information risk as part of their larger operational risk management program. Managers must choose how to control for such information risk. This article defines the flow risk reduction problem and presents a formal model using a workflow framework. Three different control placement methods are introduced to solve the problem, and a comparative analysis is presented using a robust test set of 162 simulations. One year of simulated attacks is used to validate the quality of the solutions. We find that the math programming control placement method yields substantial improvements in terms of risk reduction and risk reduction on investment when compared to heuristics that would typically be used by managers to solve the problem. The contribution of this research is to provide managers with methods to substantially reduce information and security risks, while obtaining significantly better returns on their security investments. By using a workflow approach to control placement, which guides the manager to examine the entire infrastructure in a holistic manner, this research is unique in that it enables information risk to be examined strategically.

show abstract

“…Methods in this group include a broad class of generic data gathering techniques, such as questionnaires and surveys, interviews, and analysis of existing documentation. [8]…”

Section: A Traditional Techniquesmentioning

confidence: 99%

Proposed Algorithm using WARE for the Elicitation of Software Requirements

Gupta¹,

Kumar²

2011

IJET

View full text Add to dashboard Cite

Elicitation is all about determining the needs of stakeholders and learning, uncovering extracting and /or discovering needs of the users and other potential stakeholders. In software engineering, a requirement is a description of what a system should do. System may have dozen to thousands of requirements. Software requirements stipulate what must be accomplished, transformed, produced or provided. In the field of software engineering researchers, academicians and scientist have developed many models and framework to elicit and prioritize the software requirements. It is well documented that requirement engineering saves money. In this paper we have proposed an algorithm to elicit the software requirement for small scale organization.

show abstract

Defining Misuse within the Development Process

Cited by 18 publications

References 1 publication

An Anti-pattern for Misuse Cases

An Anti-pattern for Misuse Cases

Risk Mitigation Decisions for IT Security

Proposed Algorithm using WARE for the Elicitation of Software Requirements

Contact Info

Product

Resources

About