Essential modeling: use cases for user interfaces
interactions
Applying use cases: a practical guide
Applying use cases: a practical guide
Use case driven object modeling with UML: a practical approach
Use case driven object modeling with UML: a practical approach
Use cases: requirements in context
Use cases: requirements in context
Advanced use case modeling: software systems
Advanced use case modeling: software systems
Writing Effective Use Cases
Use Case Modeling
The Art of Deception: Controlling the Human Element of Security
The Art of Deception: Controlling the Human Element of Security
Scenarios in System Development: Current Practice
IEEE Software
Initial Industrial Experience of Misuse Cases in Trade-Off Analysis
RE '02 Proceedings of the 10th Anniversary IEEE Joint International Conference on Requirements Engineering
The rational unified process made easy: a practitioner's guide to the RUP
The rational unified process made easy: a practitioner's guide to the RUP
Security-Critical System Development with Extended Use Cases
APSEC '03 Proceedings of the Tenth Asia-Pacific Software Engineering Conference Software Engineering Conference
Using Abuse Frames to Bound the Scope of Security Problems
RE '04 Proceedings of the Requirements Engineering Conference, 12th IEEE International
Eliciting security requirements with misuse cases
Requirements Engineering
Introducing Security Aspects with Model Transformations
ECBS '05 Proceedings of the 12th IEEE International Conference and Workshops on Engineering of Computer-Based Systems
Modeling Security Requirements Through Ownership, Permission and Delegation
RE '05 Proceedings of the 13th IEEE International Conference on Requirements Engineering
Model driven security: From UML models to access control infrastructures
ACM Transactions on Software Engineering and Methodology (TOSEM)
The Definitive ANTLR Reference: Building Domain-Specific Languages
The Definitive ANTLR Reference: Building Domain-Specific Languages
SCESM '07 Proceedings of the Sixth International Workshop on Scenarios and State Machines
Computer-aided Support for Secure Tropos
Automated Software Engineering
Transforming Timeline Specifications into Automata for Runtime Monitoring
Applications of Graph Transformations with Industrial Relevance
Mal-activity diagrams for capturing attacks on business processes
REFSQ'07 Proceedings of the 13th international working conference on Requirements engineering: foundation for software quality
Secure Systems Development with UML
Secure Systems Development with UML
A model transformation semantics and analysis methodology for SecureUML
MoDELS'06 Proceedings of the 9th international conference on Model Driven Engineering Languages and Systems
A case study based comparison of ATL and SDM
AGTIVE'11 Proceedings of the 4th international conference on Applications of Graph Transformations with Industrial Relevance
| Hi-index | 0.00 |
Secure software engineering is concerned with developing software systems that will continue delivering its intended functionality despite a multitude of harmful software technologies that can attack these systems from anywhere and at anytime. Misuse cases and mal-activity diagrams are two techniques to model functional security requirements address security concerns early in the development life cycle. This allows system designers to equip their systems with security mechanisms built within system design rather than relying on external defensive mechanisms. In a model-driven engineering process, misuse cases are expected to drive the construction of mal-activity diagrams. However, a systematic approach to transform misuse cases into mal-activity diagrams is missing. Therefore, this process remains dependent on human skill and judgment, which raises the risk of developing mal-activity diagrams that are inconsistent with the security requirements described in misuse cases, leading to the development of an insecure system. This paper presents an authoring structure for misuse cases and a transformation technique to systematically perform this desired model transformation. A study was conducted to evaluate the proposed technique using 46 attack stories outlined in a book by a former well-known hacker (Mitnick and Simon in The art of deception: controlling the human element of security, Wiley, Indianapolis, 2002). The results indicate that applying the proposed technique produces correct mal-activity diagrams from misuse cases.