Meta-models for misuse cases

Hartong, Mark; Goel, Rajni; Wijesekera, Duminda

doi:10.1145/1558607.1558645

Cited by 7 publications

(6 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It's a good tool to treat non-functional requirements [26] from the very beginning of development life cycle by avoiding premature design decisions [27]. The significance of employing MCM is that it enhances the communication between the developers and the stakeholders to agree on critical system solutions by regarding the trade-off analysis [28], and relates well with UCM and UML for Model Driven Development of secure software system [29][30]. Visaggio and de Rosa introduce a system to capture and reason software security knowledge for MCM [31][32], by means of similarity function.…”

Section: Related Workmentioning

confidence: 99%

“…In our work, we aim to build a security knowledge base according to existing known SOs that can be used for MCM to elicit security requirements. Thus we adopt the SOs developed by Herzog et al [29] and Lasheras et al [18] whose works are mainly based on security risk analysis model with core concepts as Asset, Threat, Vulnerability and Countermeasure. In order to cooperate with MCM, we also add some other concepts discussed in [31] as Attack, Attacker and Security Goal to the core ontology.…”

Section: The Core Security Ontology For U/mcmmentioning

confidence: 99%

“…In our work, we represent the Ontology of U/MCM in OWL to facilitate the KB with capability of reasoning and querying. In order to represent it without ambiguity, the core ontology of UCM/MCM is defined with some axioms derived from related works [8,29]. These axioms are rules in syntax level for making us choose a pattern or manner to design the Ontology, as shown in Table 1.…”

Section: Representing Ucm/mcm In the Swmentioning

confidence: 99%

See 2 more Smart Citations

Towards a Semantic Web-enabled Knowledge Base to Elicit Security Requirements for Misuse Cases

Hu¹,

Yang²,

Hong³

et al. 2011

Proceedings of the 8th International Workshop on Security in Information Systems

View full text Add to dashboard Cite

Eliciting security requirements is critical but hard for non-expert to fulfill an exhaustive analysis on large body of security knowledge. Emerging models in requirements engineering (RE) society release some burden of such difficulty, as well as security ontologies are booming for knowledge sharing and reuse. There exists necessity for the synergy of them, such as utilizing security ontology (SO) as the back end of Knowledge Base (KB) for capturing security requirements by using known RE models. Research advances in the Semantic Web (SW) community provide a common framework of technologies that allows data to be shared and reused across boundaries of various application and community. This paper proposes a knowledge base which is constructed on SO and Misuse Case Model (MCM), by representing them into OWL (Web Ontology Language). Semantic rules can be derived from the correlation of SO and MCM to be utilized for reasoning and querying security knowledge via MCM-based requirements elicitation. The proposed KB coordinates SO with a specific RE model to facilitate knowledge sharing to be a foundation for eliciting security requirements automatically.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: The Core Security Ontology For U/mcmmentioning

confidence: 99%

Section: Representing Ucm/mcm In the Swmentioning

confidence: 99%

See 1 more Smart Citation

Towards a Semantic Web-enabled Knowledge Base to Elicit Security Requirements for Misuse Cases

Hu¹,

Yang²,

Hong³

et al. 2011

Proceedings of the 8th International Workshop on Security in Information Systems

View full text Add to dashboard Cite

show abstract

“…There are several proposals for meta-models of security requirements engineering: Hartong et al describe a metamodel of misuse cases [5]. Susi et al [6] give a meta model of Tropos.…”

Section: Related Workmentioning

confidence: 99%

Model-Based Argument Analysis for Evolving Security Requirements

Tun

Haley

et al. 2010

2010 Fourth International Conference on Secure Software Integration and Reliability Improvement

View full text Add to dashboard Cite

Software systems are made to evolve in response to changes in their contexts and requirements. As the systems evolve, security concerns need to be analysed in order to evaluate the impact of changes on the systems. We propose to investigate such changes by applying a meta-model of evolving security requirements, which draws on requirements engineering approaches, security analysis, argumentation and software evolution. In this paper, we show how the meta-model can be instantiated using a formalism of temporal logic, called the Event Calculus. The main contribution is a model based approach to argument analysis, supported by a tool which generates templates for formal descriptions of the evolving system. We apply our approach to several examples from an Air Traffic Management case study.

show abstract

“…While in a similar spirit to our approach, this work does not specify how the proposed approach is to be considered in the context of software development, or how the use of economics relates to security considerations. Finally, Hartong et al [39] seek to harmonise the representation of misuse and abuse cases into a single, UML-driven metamodel.…”

mentioning

confidence: 99%

Misuse, Abuse and Reuse: Economic Utility Functions for Characterising Security Requirements

Heitzenrater

Simpson

2016

2016 11th International Conference on Availability, Reliability and Security (ARES)

View full text Add to dashboard Cite

Negative use cases -in the form of 'misuse' or 'abuse' cases -have found a broad following within the security community due to their ability to make explicit the knowledge, assumptions and desires of stakeholders regarding real and perceived threats to systems. As an accepted threat modelling tool, they have become a standard part of many Secure Software Engineering (SSE) processes. Despite this widespread adoption, aspects of the original misuse case concept have yet to receive a formal treatment in the literature. This paper considers the application of economic utility functions within the negative use case development process, as a means of addressing existing challenges. We provide a simple demonstration of how existing practice might integrate economic factors to describe the business, management and functional concerns that surround system security and software development.

show abstract

Meta-models for misuse cases

Cited by 7 publications

References 9 publications

Towards a Semantic Web-enabled Knowledge Base to Elicit Security Requirements for Misuse Cases

Towards a Semantic Web-enabled Knowledge Base to Elicit Security Requirements for Misuse Cases

Model-Based Argument Analysis for Evolving Security Requirements

Misuse, Abuse and Reuse: Economic Utility Functions for Characterising Security Requirements

Contact Info

Product

Resources

About