Executable misuse cases for modeling security concerns

Jon Whittle, Duminda Wijesekera, Mark Hartong

Research output: Chapter in Book/Report/Conference proceeding; Conference Paper; Research; peer-review

50 Citations (Scopus)

Abstract

Misuse cases are a way of modeling negative requirements, that is, behaviors that should not occur in a system. In particular, they can be used to model attacks on a system as well as the security mechanisms needed to avoid them. However, like use cases, misuse cases describe requirements in a high-level and informal manner. This means that, whilst they are easy to understand, they do not lend themselves to testing or analysis. In this paper, we present an executable misuse case modeling language which allows modelers to specify misuse case scenarios in a formal yet intuitive way and to execute the misuse case model in tandem with a corresponding use case model. Misuse scenarios are given in executable form and mitigations are captured using aspect-oriented modeling. The technique is useful for brainstorming potential attacks and their mitigations. Furthermore, the use of aspects allows mitigations to be maintained separately from the core system model. The paper, supported by a UML-based modeling tool, describes an application to two case studies, providing evidence that the technique can support red-teaming of security requirements for realistic systems.

Original language: English
Title of host publication: ICSE'08
Subtitle of host publication: Proceedings of the 30th International Conference on Software Engineering 2008
Pages: 121-130
Number of pages: 10
Publication status: Published - 15 Dec 2008
Externally published: Yes
Event: International Conference on Software Engineering 2008 - Leipzig, Germany
Duration: 10 May 2008 to 18 May 2008
Conference number: 30th
https://ieeexplore.ieee.org/xpl/conhome/4814109/proceeding (Proceedings)

Publication series

Name: Proceedings - International Conference on Software Engineering
ISSN (Print): 0270-5257

Conference

Conference: International Conference on Software Engineering 2008
Abbreviated title: ICSE 2008
Country/Territory: Germany
City: Leipzig
Period: 10/05/08 to 18/05/08

Keywords

  • Early aspects
  • Misuse cases
  • Scenarios
