Combining Misuse Cases with Attack Trees and Security Activity Models

A
ARES
2010
2010 International Conference on Availability, Reliability and Security
Abstract - Combining Misuse Cases with Attack Trees and Security Activity Models

	This Article
	Subscribers, please Login Purchase article: $19 PDF RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Inger Anne Tøndel Articles by Jostein Jensen Articles by Lillian Røstad

2010 International Conference on Availability, Reliability and Security

Krakow, Poland

February 15-February 18

ISBN: 978-0-7695-3965-2

	ASCII Text	x
	Inger Anne Tøndel, Jostein Jensen, Lillian Røstad, "Combining Misuse Cases with Attack Trees and Security Activity Models," Availability, Reliability and Security, International Conference on, pp. 438-445, 2010 International Conference on Availability, Reliability and Security, 2010.

	BibTex	x
	@article{ 10.1109/ARES.2010.101, author = {Inger Anne Tøndel and Jostein Jensen and Lillian Røstad}, title = {Combining Misuse Cases with Attack Trees and Security Activity Models}, journal ={Availability, Reliability and Security, International Conference on}, volume = {0}, year = {2010}, isbn = {978-0-7695-3965-2}, pages = {438-445}, doi = {http://doi.ieeecomputersociety.org/10.1109/ARES.2010.101}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Availability, Reliability and Security, International Conference on TI - Combining Misuse Cases with Attack Trees and Security Activity Models SN - 978-0-7695-3965-2 SP438 EP445 A1 - Inger Anne Tøndel, A1 - Jostein Jensen, A1 - Lillian Røstad, PY - 2010 KW - security KW - requirements KW - threat models KW - attack tree KW - misuse case VL - 0 JA - Availability, Reliability and Security, International Conference on ER -

Inger Anne Tøndel

Jostein Jensen

Lillian Røstad

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ARES.2010.101

Misuse cases and attack trees have been suggested for security requirements elicitation and threat modeling in software projects. Their use is believed to increase security awareness throughout the software development life cycle. Experiments have identified strengths and weaknesses of both model types. In this paper we present how misuse cases and attack trees can be linked to get a high-level view of the threats towards a system through misuse case diagrams and a more detailed view on each threat through attack trees. Further, we introduce links to security activity descriptions in the form of UML activity graphs. These can be used to describe mitigating security activities for each identified threat. The linking of different models makes most sense when security modeling is supported by tools, and we present the concept of a security repository that is being built to store models and relations such as those presented in this paper.

Index Terms:

security, requirements, threat models, attack tree, misuse case

Citation:

Inger Anne Tøndel, Jostein Jensen, Lillian Røstad, "Combining Misuse Cases with Attack Trees and Security Activity Models," ares, pp.438-445, 2010 International Conference on Availability, Reliability and Security, 2010

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.