The Art of Deception: Controlling the Human Element of Security
SecureUML: A UML-Based Modeling Language for Model-Driven Security
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
Security and Privacy Requirements Analysis within a Social Setting
RE '03 Proceedings of the 11th IEEE International Conference on Requirements Engineering
Using Abuse Frames to Bound the Scope of Security Problems
RE '04 Proceedings of the Requirements Engineering Conference, 12th IEEE International
Eliciting security requirements with misuse cases
Requirements Engineering
Secure Systems Development with UML
Capturing security requirements in business processes through a UML 2.0 activity diagrams profile
CoMoGIS'06 Proceedings of the 2006 international conference on Advances in Conceptual Modeling: theory and practice
CAiSE '08 Proceedings of the 20th international conference on Advanced Information Systems Engineering
A comparison of two approaches to safety analysis based on use cases
ER'07 Proceedings of the 26th international conference on Conceptual modeling
Information and Software Technology
Secure business process model specification through a UML 2.0 activity diagram profile
Decision Support Systems
Aligning mal-activity diagrams and security risk management for security requirements definitions
REFSQ'12 Proceedings of the 18th international conference on Requirements Engineering: foundation for software quality
Threat and Risk-Driven Security Requirements Engineering
International Journal of Mobile Computing and Multimedia Communications
Comparing Misuse Case and Mal-Activity Diagrams for Modelling Social Engineering Attacks
International Journal of Secure Software Engineering
Using SMCD to reduce inconsistencies in misuse case models: A subject-based empirical evaluation
Journal of Systems and Software
Comparing attack trees and misuse cases in an industrial setting
Information and Software Technology
Software and Systems Modeling (SoSyM)
Securing business processes using security risk-oriented patterns
Computer Standards & Interfaces
Security is becoming an increasingly important issue for IT systems, yet it is often dealt with separately from mainstream systems and software development, and in many cases it is neglected or addressed post-hoc, yielding costly and unsatisfactory solutions. One way to improve the focus on security is to include such concerns in the mainstream diagram notations used in information systems analysis. One existing proposal for this is misuse cases, which represent attack use cases alongside the normal, legitimate use cases of a system. While this technique has shown much promise, it is not equally useful for all kinds of attack. In this paper we look into another type of technique that could complement misuse cases for early elicitation of security requirements, namely mal-activity diagrams. These allow hostile activities to be included together with legitimate activities in business process models. Through some examples and a small case study, mal-activity diagrams are shown to have strengths in many aspects where misuse cases have weaknesses.