Mal-activity diagrams for capturing attacks on business processes

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 4542 LNCS, Issue , 2007, Pages 355-366

  Sindre, Guttorm ^a  

^a NORWEGIAN UNIVERSITY OF SCIENCE AND TECHNOLOGY   (Norway)

Author keywords

Activity diagrams; Business processes; Fraud; Security requirements; Social engineering

Indexed keywords

COSTS; MATHEMATICAL MODELS; SOFTWARE ENGINEERING;

ACTIVITY DIAGRAMS; MAINSTREAM DIAGRAM NOTATIONS; SECURITY REQUIREMENTS; SOCIAL ENGINEERING;

ADMINISTRATIVE DATA PROCESSING;

EID: 38149121542     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-73031-6_27     Document Type: Conference Paper

References (12)

1. Liu, L., Yu, E., Mylopoulos, J.: Security and Privacy Requirements Analysis within a Social Setting. 11th International Requirements Engineering Conference (RE'03), Monterey Bay, CA, 8-12 September, pp. 151-160. IEEE Press, New York (2003)
2. Sindre, G., Opdahl, A.L.: Eliciting Security Requirements with Misuse Cases. Requirements Engineering 10, 34-44 (2005)
3. van Lamsweerde, A., Brohez, S., De Landtsheer, R., Janssens, D.: Froim System Goals to Intruder Anti-Goals: Attack Generation and Resolution for Security Requirements Engineering. In: Heytmeier, C., Mead, N. (eds.) 2nd International Workshop on Requirements Engineering for High Assurance Systems (RHAS'03), Carnegie Mellon University, September 8, pp. 49-56. Monterey Bay, CA (2003)
4. Haley, C.B., Moffett, J., Laney, R., Nuseibeh, B.: Arguing Security: Validating Security Requirements Using Structured Argumentation. 3rd Symposium on Requirements Engineering for Information Security (SREIS 2005), Paris, France, (August 29, 2005)
5. Lodderstedt, T., Basin, D., Doser, J.: SecureUML: A UML-Based Modeling Language for Model-Driven Security. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002 - The Unified Modeling Language. Model Engineering, Concepts, and Tools. LNCS, vol. 2460, pp. 426-441. Springer, Heidelberg (2002)
6. Jürjens, J.: Secure Systems Development with UML. Springer, Heidelberg (2004)
7. Sindre, G., Opdahl, A.L.: Eliciting Security Requirements by Misuse Cases. In: Henderson-Sellers, B., Meyer, B. (eds.) TOOLS Pacific 2000, Sydney, pp. 120-131. IEEE CS Press, Los Alamitos (2000)
8. Jackson, M.: Problem Frames. Addison-Wesley, London (2001)
9. Mitnick, K.D., Simon, W.L.: The Art of Deception: Controlling the Human Element of Security. Wiley Publishing, Inc, Indianapolis (2002)
10. Lin, L., Nuseibeh, B., Ince, D., Jackson, M.: Using Abuse Frames to Bound the Scope of Security Problems. In: Maiden, N.A.M. (ed.) 12th IEEE International Requirements Engineering Conference (RE'04), Kyoto, Japan, IEEE (2004)
11. Diallo, M.H., Romero-Mariona, J., Sim, S.E., Richardson, D.J.: A Comparative Evaluation of Three Approaches to Specifying Security Requirements. REFSQ'06, Luxembourg (2006)
12. Rodriguez, A., Fernandez-Medina, E., Piattini, M.: Capturing Security Requirements in Business Processes through a UML 2. In: Roddick, J.F., Benjamins, V.R., Si-Saïd Cherfi, S., Chiang, R., Claramunt, C., Elmasri, R., Grandi, F., Han, H., Hepp, M., Lytras, M., Mišić, V.B., Poels, G., Song, I.-Y., Trujillo, J., Vangenot, C. (eds.) ER 2006 Workshops. LNCS, vol. 4231, pp. 6-9. Springer, Heidelberg (2006)