Executable misuse cases for modeling security concerns

Proceedings - International Conference on Software Engineering

Volumn , Issue , 2008, Pages 121-130

  Whittle, Jon ^a   Wijesekera, Duminda ^b   Hartong, Mark ^c  

^a LANCASTER UNIVERSITY   (United Kingdom)

^b George Mason University   (United States)

^c FEDERAL RAILROAD ADMINISTRATION   (United States)

Author keywords

Early aspects; Misuse cases; Scenarios

Indexed keywords

ASPECT-ORIENTED MODELING; CORE SYSTEMS; EARLY ASPECTS; MISUSE CASES; MODELING LANGUAGES; MODELING TOOLS; POTENTIAL ATTACKS; REALISTIC SYSTEMS; SCENARIOS; SECURITY MECHANISMS; SECURITY REQUIREMENTS; USE CASE MODELS; ASPECT ORIENTED MODELING; MISUSE CASE; MODELING TOOL; POTENTIAL ATTACK; SECURITY MECHANISM; USE CASE MODEL;

DECISION MAKING; MODEL STRUCTURES; SOFTWARE ENGINEERING; COMPUTER SOFTWARE; FORMAL LOGIC;

FORMAL LOGIC; MATHEMATICAL MODELS;

EID: 57349132966     PISSN: 02705257     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1368088.1368106     Document Type: Conference Paper

References (32)

1. I. Alexander, "Misuse cases: use cases with hostile intent," IEEE Software, vol. 20, pp. 58-66, Jan./Feb. 2003.
2. G. Sindre and A. Opdahl, "Eliciting security requirements with misuse cases," Requirements Engineering, vol. 10, pp. 34-44, Jan. 2005.
3. I. Alexander, "Initial Industrial Experience of Misuse Cases in Trade-off Analysis," in International Conference on Requirements Engineering Essen, Germany: IEEE Computer Society, pp. 61-70.
4. J. Whittle, "Specifying Precise Use Cases with Use Case Charts," in Mo DELS Satellite Events (Revised Selected Papers). vol. 3844, J.-M. Bruel, Ed. Montego Bay, Jamaica: Springer-Verlag, pp. 290-301.
5. J. Whittle, "Precise Specification of Use Case Scenarios," in Fundamental Approaches to Software Engineering (FASE07). vol. LNCS 4422 Braga, Portugal: Springer, 2007, pp. 170-184.
6. J. Araújo, J. Whittle, and D.-K. Kim, "Modeling and Composing Scenario-Based Requirements with Aspects," in International Conference on Requirements Engineering Kyoto, Japan, 2004, pp. 58-67.
7. J. Whittle, A. Moreira, J. Araújo, R. Rabbi, P. Jayaraman, and A. Elkhodary, "An Expressive Aspect Composition Language for UML State Diagrams," in International Conference on Model Driven Engineering, Languages and Systems (MODELS), Nashville, TN, 2007, pp. 514-528.
8. J. Whittle, J. Araújo, and A. Moreira, "Composing Aspect Models with Graph Transformations," in Workshop on Early Aspects at ICSE: ACM Press, 2006, pp. 59-65.
9. J. Whittle and P. Jayaraman, "Generating Hierarchical Finite State Machines from Use Case Charts," in 14th IEEE International Conference on Requirements Engineering (RE'06) Minneapolis, 2006, pp. 16-25.
10. P. Jayaraman and J. Whittle, "UCSIM: A tool for simulating use case scenarios," in Companion to the 29th International Conference on Software Engineering (ICSE) Minneapolis, 2007, pp. 43-44.
11. J. Whittle and P. Jayaraman, "MATA: A Tool for Aspect-Oriented Modeling based on Graph Transformation," in Workshop on Aspect Oriented Modeling at the International MODELS Conference, Nashville, TN, 2007.
12. T. Kohno, A. Stubblefield, A. Rubin, and D. Wallach, "Analysis of an Electronic Voting System," in IEEE Symposium on Security and Privacy: IEEE Computer Society Press, 2004, pp. 27-40.
13. OMG, "Unified Modeling Language 2.1.1 Specification (05-07-04)," http://www.omg.org, Specification 2007.
14. P. Jayaraman, J. Whittle, A. Elkhodary, and H. Gomaa, "Model Composition in Product Lines and Feature Interaction Detection using Critical Pair Analysis," in International Conference on Model Driven Engineering, Languages and Systems (MODELS), Nashville, TN, 2007.
15. G. Taentzer, "AGG: A Graph Transformation Environment for Modeling and Validation of Software," in Conference on Applications of Graph Transformations with Industrial Relevance (AGTIVE), Charlottesville, VA, 2003, pp. 446-453.
16. J. Whittle and J. Schumann, "Generating statechart designs from scenarios," in 22nd International Conference on Software Engineering Limerick, Ireland: ACM Press, 2000, pp. 314-323.
17. J. Howard and T. Longstaff, "A Common Language for Computer Security Incidents," Sandia National Laboratories 1998.
18. "Information Assurance Technical Framework (IATF), Release 3.1," Information Assurance Solutions, US National Security Agency, Fort Meade, MD Sep. 2002.
19. M. Hartong, R. Goel, and D. Wijesekera, "Use Misuse Case Driven Forensic Analysis of Positive Train Control: A Preliminary Study," in 2nd IFIP WG 11.9 International Conference on Digital Forensics Orlando, FL.
20. F. Swiderski and W. Snyder, Threat Modeling: Microsoft Professional, 2004.
21. G. McGraw, Software Security: Building Security In: Addison Wesley, 2006.
22. J. McDermott, "Using abuse case models for security requirements analysis," in 15th Annual Computer Security Applications Conference, 1999, pp. 55-64.
23. G. Sindre and A. Opdahl, "Templates for Misuse Case Description," in 7th International Workshop on Requirements Engineering, Foundation for Software Quality (REFSQ) Switzerland, 2001.
24. I. Alexander, "Scenario Plus Use Case Toolkit (http://www. scenarioplus.org.uk/)," 2005.
25. N. Mead, "Identifying Security Requirements Using the SQUARE Method," Integrating Security and Software Engineering: Advances and Future Visions, pp. 44-69, 2006.
26. A. van Lamsweerde, "Elaborating Security by Construction of Intentional Anti-Models," in International Conference on Software Engineering (ICSE), 2004, pp. 148-157.
27. F. Massaci, J. Mylopoulos, and N. Zannone, "Computer-Aided Support for Secure Tropos," Automated Software Engineering, vol. 14, pp. 341-364, 2007.
28. L. Liu, E. Yu, and J. Mylopoulos, "Security and Privacy Requirements Analysis within a Social Setting," in 11th IEEE International Requirements Engineering Conference Monterey Bay, CA, 2003.
29. L. Liu and E. Yu, "From Requirements to Architectural Design: Using Goals and Scenarios," in ICSE 2001 Workshop: From Software Requirements to Architectures, pp. 22-30.
30. B. Schneier, "Modeling Security Threats," in Dr. Dobb's Journal, 1999.
31. D. K. Kim, "A Pattern-Based Technique for Developing UML Models of Access Control Systems," in 30th Annual International Computer Software and Applications Conference (COMPSAC) Chicago, IL, 2006, pp. 317-324.
32. E. Song, R. Reddy, R. B. France, I. Ray, G. Georg, and R. Alexander, "Verifiable Composition of Access Control and Application Features," in ACM Symposium on Access Control Models and Technologies (SACMAT) Stockholm, Sweden, 2005, pp. 120-129.