Executable misuse cases for modeling security concerns
Source
International Conference on Software Engineering archive
Proceedings of the 30th international conference on Software engineering table of contents
Leipzig, Germany
SESSION: Specification II table of contents
Pages 121-130  
Year of Publication: 2008
ISBN:978-1-60558-079-1
Authors
Jon Whittle  Lancaster University, Lancaster, Gt Britain
Duminda Wijesekera  George Mason University, Fairfax, VA, USA
Mark Hartong  Federal Railroad Administration, Washington, DC, USA
Sponsors
ACM: Association for Computing Machinery
SIGSOFT: ACM Special Interest Group on Software Engineering
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 34,   Downloads (12 Months): 314,   Citation Count: 0
DOI: http://doi.acm.org/10.1145/1368088.1368106

ABSTRACT

Misuse cases are a way of modeling negative requirements, that is, behaviors that should not occur in a system. In particular, they can be used to model attacks on a system as well as the security mechanisms needed to avoid them. However, like use cases, misuse cases describe requirements in a high-level and informal manner. This means that, whilst they are easy to understand, they do not lend themselves to testing or analysis. In this paper, we present an executable misuse case modeling language which allows modelers to specify misuse case scenarios in a formal yet intuitive way and to execute the misuse case model in tandem with a corresponding use case model. Misuse scenarios are given in executable form and mitigations are captured using aspect-oriented modeling. The technique is useful for brainstorming potential attacks and their mitigations. Furthermore, the use of aspects allows mitigations to be maintained separately from the core system model. The paper, supported by a UML-based modeling tool, describes an application to two case studies, providing evidence that the technique can support red-teaming of security requirements for realistic systems.


