Misuse case-based design and analysis of secure software architecture

Pauli, Joshua J.; Xu, Dianxiang

doi:10.1109/itcc.2005.199

Cited by 23 publications

(22 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…[213] A decrease in the number of vulnerabilities is a side effect of verifiable correctness. Correctness can be largely ensured by adopting rigorous formal methods, but at high cost.…”

Section: Section 5 Sdlc Processes and Methods And The Security Of Sofmentioning

confidence: 99%

Software Security Assurance: A State-of-Art Report (SAR)

Goertzel¹,

Winograd²,

McKinley³

et al. 2007

View full text Add to dashboard Cite

“…[213] A decrease in the number of vulnerabilities is a side effect of verifiable correctness. Correctness can be largely ensured by adopting rigorous formal methods, but at high cost.…”

Section: Section 5 Sdlc Processes and Methods And The Security Of Sofmentioning

confidence: 99%

Software Security Assurance: A State-of-Art Report (SAR)

Goertzel¹,

Winograd²,

McKinley³

et al. 2007

View full text Add to dashboard Cite

“…The HIS has many users which may include secretaries, nurses, doctors, pharmacists, IT personnel, business office personnel and administrative personnel [19]. This system can include the following use cases: 1) Secretary entering patient information; 2) Nurse entering preliminary appointment information; 3) Doctor entering appointment findings; 4) Doctor transmitting pharmacy orders to the pharmacy; 5) Pharmacist receiving pharmacy order.…”

Section: Developing Abuse Casesmentioning

confidence: 99%

Developing Abuse Cases Based on Threat Modeling and Attack Patterns

Yuan¹,

Nuakoh²,

Williams³

et al. 2015

JSW

View full text Add to dashboard Cite

Developing abuse cases help software engineers to think from the perspective of attackers, and therefore allow them to decide and document how the software should react to illegitimate use. This paper describes a method for developing abuse cases based on threat modeling and attack patterns. First potential threats are analyzed by following Microsoft's threat modeling process. Based on the identified threats, initial abuse cases are generated. Attack pattern library is searched and attack patterns relevant to the abuse cases are retrieved. The information retrieved from the attack patterns are used to extend the initial abuse cases and suggest mitigation method. Such a method has the potential to assist software engineers without high expertise in computer security to develop meaningful and useful abuse cases, and therefore reduce the security vulnerabilities in the software systems they develop.

show abstract

“…Research including [137,162], looks into ensuring that security requirements specified during the requirement phase are maintained in the architecture, such that the best-fitting architecture is selected with respect to the security requirements. In [137], Pauli et al employs use cases/misuse cases to systematically identify potential malicious behaviours in the architecture.…”

Section: Traceability and Conformancementioning

confidence: 99%

“…In [137], Pauli et al employs use cases/misuse cases to systematically identify potential malicious behaviours in the architecture. However, like many use case/misuse case-based approaches, the composition of functionality and its impact on security is rarely addressed at this level; instead, a component-based approach is considered in which each component is checked to ensure that it fulfils its role in achieving a security property (eg, privacy of data).…”

Section: Traceability and Conformancementioning

confidence: 99%

“…Tondel et al [179] looked into linking misuse cases and attack trees to obtain a high-level view of the threats towards a system through misuse case diagrams, and established a more detailed view on each threat through the employment of attack trees. The work produced by Karpati et al [93] and [137] took the application of misuse cases further by integrating security threats into the architecture, supporting the transition from requirement specifications to high-level design, and vice versa. The drawback in [93] is that it requires creating a detailed map of the vulnerability.…”

Section: Functional Testing Chapter 2 Literature Reviewmentioning

confidence: 99%

See 1 more Smart Citation

Architecture-Centric Testing for Security

Al-Azzani

2014

Agile Software Architecture

View full text Add to dashboard Cite

This thesis presents a novel architecture-centric approach, which uses Implied Scenarios (IS) to detect design-vulnerabilities in the software architecture. It reviews security testing approaches, and draws on their limitations in addressing unpredictable behaviour in the face of evolution. The thesis introduces the concept of Security IS as unanticipated architecture. The refinement is test-driven and incremental, where refinements are tested before they are committed. The thesis also presents SecArch, an extension to the IS approach to enhance its search-space to detect hidden race conditions. It is concerned with predicting further valid conditions in the face of real parallelism in distributed systems with respect to non-FIFO queues.The thesis reports on the applications of the proposed approach and its extension to three case studies for testing the security of distributed and cloud architectures in the presence of uncertainty in the operating environment, unpredictability of interaction and possible security IS. The applications demonstrate novelty in the way security testing addresses emergent behaviour in applications which are characterised with dynamism, heterogeneity, openness, scale and unpredictability in operation and their evolution trends.We have drawn on these case studies to evaluate the thesis.

show abstract

Misuse case-based design and analysis of secure software architecture

Cited by 23 publications

References 6 publications

Software Security Assurance: A State-of-Art Report (SAR)

Software Security Assurance: A State-of-Art Report (SAR)

Developing Abuse Cases Based on Threat Modeling and Attack Patterns

Architecture-Centric Testing for Security

Contact Info

Product

Resources

About