Abstract
Misuse cases are a way of modeling negative requirements, that is, behaviors that should not occur in a system. In particular, they can be used to model attacks on a system as well as the security mechanisms needed to avoid them. However, like use cases, misuse cases describe requirements in a high-level and informal manner. This means that, whilst they are easy to understand, they do not lend themselves to testing or analysis. In this paper, we present an executable misuse case modeling language which allows modelers to specify misuse case scenarios in a formal yet intuitive way and to execute the misuse case model in tandem with a corresponding use case model. Misuse scenarios are given in executable form and mitigations are captured using aspect-oriented modeling. The technique is useful for brainstorming potential attacks and their mitigations. Furthermore, the use of aspects allows mitigations to be maintained separately from the core system model. The paper, supported by a UML-based modeling tool, describes an application to two case studies, providing evidence that the technique can support red-teaming of security requirements for realistic systems.
Original language | English |
---|---|
Title of host publication | ICSE'08 |
Subtitle of host publication | Proceedings of the 30th International Conference on Software Engineering 2008 |
Pages | 121-130 |
Number of pages | 10 |
DOIs | |
Publication status | Published - 15 Dec 2008 |
Externally published | Yes |
Event | International Conference on Software Engineering 2008 - Leipzig, Germany Duration: 10 May 2008 → 18 May 2008 Conference number: 30th https://ieeexplore.ieee.org/xpl/conhome/4814109/proceeding (Proceedings) |
Publication series
Name | Proceedings - International Conference on Software Engineering |
---|---|
ISSN (Print) | 0270-5257 |
Conference
Conference | International Conference on Software Engineering 2008 |
---|---|
Abbreviated title | ICSE 2008 |
Country/Territory | Germany |
City | Leipzig |
Period | 10/05/08 → 18/05/08 |
Internet address |
Keywords
- Early aspects
- Misuse cases
- Scenarios