Threat scenario-based security risk analysis using use case modeling in information systems

Authors:
Young-Gab Kim;Sungdeok Cha
Affiliations:
Center for Engineering and Education of Dependable Software, College of Information and Communication, Korea University, Seoul, Korea;Center for Engineering and Education of Dependable Software, College of Information and Communication, Korea University, Seoul, Korea
Venue:
Security and Communication Networks
Year:
2012

Citing 12
Cited 0

The Unified Modeling Language user guide

The Unified Modeling Language user guide
The unified software development process

The unified software development process
Real-time UML (2nd ed.): developing efficient objects for embedded systems

Real-time UML (2nd ed.): developing efficient objects for embedded systems
Using Abuse Case Models for Security Requirements Analysis

ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Translating Use Cases to Sequence Diagrams

ASE '00 Proceedings of the 15th IEEE international conference on Automated software engineering
UML Distilled: A Brief Guide to the Standard Object Modeling Language

UML Distilled: A Brief Guide to the Standard Object Modeling Language
Abuse-Case-Based Assurance Arguments

ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Deriving Safety Requirements Using Scenarios

RE '01 Proceedings of the Fifth IEEE International Symposium on Requirements Engineering
An aspect-oriented methodology for designing secure applications

Information and Software Technology
Aspect-Oriented risk driven development of secure applications

DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
A security risk analysis model for information systems

AsiaSim'04 Proceedings of the Third Asian simulation conference on Systems Modeling and Simulation: theory and applications
SP 800-30. Risk Management Guide for Information Technology Systems

SP 800-30. Risk Management Guide for Information Technology Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Successful Security Risk Analysis (SRA) enables us to develop a secure information management system and provides valuable analysis data for future risk estimation. One of the qualitative techniques for SRA is the scenario method. This provides a framework for our explorations that raises our awareness and appreciation of uncertainty. However, the existing scenario methods are too abstract to be applicable to some situations and have not been formalized in information systems (ISs) because they do not explicitly define artifacts or have any standard notation. Therefore, this paper proposes the improved scenario-based SRA approach, which can create SRA reports using threat scenario templates and manage security risk directly in ISs. Furthermore, in order to show how to apply the proposed method in a specific environment, especially in a Broadband convergence Network (BcN) environment, a case study is presented. Copyright © 2011 John Wiley & Sons, Ltd.