Combining Misuse Cases with Attack Trees and Security Activity Models

Tøndel, Inger Anne; Jensen, Jostein; Røstad, Lillian

doi:10.1109/ares.2010.101

Cited by 37 publications

(26 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They have also been researched intensively, and examples can be found in [179,190,109,106,99] where reusability of attack models has been considered. Other forms of modelling threats include activity diagrams, sequence diagrams [196], Petri-nets [195] and attack graphs [139].…”

Section: Architecture and Design For Security: Development And Evaluatimentioning

confidence: 99%

“…Other researchers [123] looked at using these requirement-level modelling techniques to derive injection test scenarios in order to test the security properties of the protocol under evaluation. Tondel et al [179] looked into linking misuse cases and attack trees to obtain a high-level view of the threats towards a system through misuse case diagrams, and established a more detailed view on each threat through the employment of attack trees. The work produced by Karpati et al [93] and [137] took the application of misuse cases further by integrating security threats into the architecture, supporting the transition from requirement specifications to high-level design, and vice versa.…”

Section: Functional Testing Chapter 2 Literature Reviewmentioning

confidence: 99%

See 1 more Smart Citation

Architecture-Centric Testing for Security

Al-Azzani

2014

Agile Software Architecture

View full text Add to dashboard Cite

This thesis presents a novel architecture-centric approach, which uses Implied Scenarios (IS) to detect design-vulnerabilities in the software architecture. It reviews security testing approaches, and draws on their limitations in addressing unpredictable behaviour in the face of evolution. The thesis introduces the concept of Security IS as unanticipated architecture. The refinement is test-driven and incremental, where refinements are tested before they are committed. The thesis also presents SecArch, an extension to the IS approach to enhance its search-space to detect hidden race conditions. It is concerned with predicting further valid conditions in the face of real parallelism in distributed systems with respect to non-FIFO queues.The thesis reports on the applications of the proposed approach and its extension to three case studies for testing the security of distributed and cloud architectures in the presence of uncertainty in the operating environment, unpredictability of interaction and possible security IS. The applications demonstrate novelty in the way security testing addresses emergent behaviour in applications which are characterised with dynamism, heterogeneity, openness, scale and unpredictability in operation and their evolution trends.We have drawn on these case studies to evaluate the thesis.

show abstract

Section: Architecture and Design For Security: Development And Evaluatimentioning

confidence: 99%

Section: Functional Testing Chapter 2 Literature Reviewmentioning

confidence: 99%

Architecture-Centric Testing for Security

Al-Azzani

2014

Agile Software Architecture

View full text Add to dashboard Cite

show abstract

“…Abuse cases threaten use cases and serve as a support for developers to elicit security requirements. Developing abuse cases allow software engineers to think from the perspective of attackers, and decide and document a priori how the software should react to illegitimate use [6]. Countermeasures can be developed to mitigate misuse cases in the form of security use cases [7].…”

Section: Introductionmentioning

confidence: 99%

“…However, high expertise and experience in security is required to produce meaningful and useful abuse cases using brainstorming method. It has also been suggested that abuse cases be developed based on a set of requirements and standard use cases, and a list of attack patterns [6]. However, specific processes for developing abuse cases are lacking.…”

Section: Introductionmentioning

confidence: 99%

Developing Abuse Cases Based on Threat Modeling and Attack Patterns

Yuan¹,

Nuakoh²,

Williams³

et al. 2015

JSW

View full text Add to dashboard Cite

Developing abuse cases help software engineers to think from the perspective of attackers, and therefore allow them to decide and document how the software should react to illegitimate use. This paper describes a method for developing abuse cases based on threat modeling and attack patterns. First potential threats are analyzed by following Microsoft's threat modeling process. Based on the identified threats, initial abuse cases are generated. Attack pattern library is searched and attack patterns relevant to the abuse cases are retrieved. The information retrieved from the attack patterns are used to extend the initial abuse cases and suggest mitigation method. Such a method has the potential to assist software engineers without high expertise in computer security to develop meaningful and useful abuse cases, and therefore reduce the security vulnerabilities in the software systems they develop.

show abstract

“…An abuse case is a use case from an attacker's perspective with the intent to harm the system, an actor of the system, or a stakeholder [6], [7]. Creating abuse cases allows developers to elicit security requirements, decide and document how the software should react to illegitimate use, and develop countermeasures and mitigations of the abuse cases [8], [9].…”

Section: Introductionmentioning

confidence: 99%

A Method for Developing Abuse Cases and Its Evaluation

Williams¹,

Yuan²,

McDonald³

et al. 2016

JSW

View full text Add to dashboard Cite

Abstract:To develop secure software, software engineers need to have the mindset of attackers. Developing abuse cases can help software engineers to think more like attackers. This paper describes a method for developing abuse cases based on threat modeling, attack patterns, and Common Weakness Enumeration. The method also includes ranking the abuse cases according to their risks. This method intends to help non-experts create abuse cases following a specific process, and leveraging the knowledge bases of threat modeling, attack patterns, and Common Weakness Enumeration. The proposed method was evaluated through two evaluation studies conducted in two secure software engineering courses at two different universities. Evaluation studies show that the proposed method was easier to follow by non-experts in generating abuse cases than brainstorming, and could reduce the time needed for creating abuse cases. Other findings from the evaluation studies are also discussed in the paper.

show abstract

Combining Misuse Cases with Attack Trees and Security Activity Models

Cited by 37 publications

References 18 publications

Architecture-Centric Testing for Security

Architecture-Centric Testing for Security

Developing Abuse Cases Based on Threat Modeling and Attack Patterns

A Method for Developing Abuse Cases and Its Evaluation

Contact Info

Product

Resources

About