Volume 51, Issue 5, 2009, Pages 916-932

Experimental comparison of attack trees and misuse cases for security threat identification

Author keywords

Attack trees; Experiments; Misuse cases; Security modelling; Security requirements; Security threat identification

Indexed keywords

SECURITY SYSTEMS;

EID: 60949097689     PISSN: 09505849     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.infsof.2008.05.013     Document Type: Article
Times cited : (105)

References (50)
  • 3
    • 4344598248
    • Evaluating the effect of a delegated versus centralized control style on the maintainability of object-oriented software
    • Arisholm E., and Sjøberg D.I.K. Evaluating the effect of a delegated versus centralized control style on the maintainability of object-oriented software. IEEE Transactions on Software Engineering 30 (2004) 521-534
    • (2004) IEEE Transactions on Software Engineering , vol.30 , pp. 521-534
    • Arisholm, E.1    Sjøberg, D.I.K.2
  • 4
    • 0029253405
    • Specification and validation of a security policy model
    • Boswell A. Specification and validation of a security policy model. IEEE Transactions on Software Engineering 21 (1995) 63-68
    • (1995) IEEE Transactions on Software Engineering , vol.21 , pp. 63-68
    • Boswell, A.1
  • 7
    • 0036721855
    • Towards requirements-driven information systems engineering: the Tropos project
    • Castro J., Kolp M., and Mylopoulos J. Towards requirements-driven information systems engineering: the Tropos project. Information Systems 27 (2002) 356-389
    • (2002) Information Systems , vol.27 , pp. 356-389
    • Castro, J.1    Kolp, M.2    Mylopoulos, J.3
  • 8
    • 60949094533
    • Common Criteria for Information Technology Security Evaluation, Common Criteria Implementation Board
    • CCIMB, Technical Report, CCIMB-99-031
    • CCIMB, Common Criteria for Information Technology Security Evaluation, Common Criteria Implementation Board, Technical Report, CCIMB-99-031, 1999.
    • (1999)
  • 9
    • 55249087535
    • Perceived usefulness, perceived ease of use and user acceptance of information technology
    • Davis F.D. Perceived usefulness, perceived ease of use and user acceptance of information technology. MIS Quarterly 13 (1989) 319-340
    • (1989) MIS Quarterly , vol.13 , pp. 319-340
    • Davis, F.D.1
  • 18
    • 85085406935
    • Matching attack patterns to security vulnerabilities in software-intensive system designs
    • Bruschi D., Win B.D., and Monga M. (Eds), IEEE, St. Louis
    • Gegick M., and Williams L. Matching attack patterns to security vulnerabilities in software-intensive system designs. In: Bruschi D., Win B.D., and Monga M. (Eds). Proceedings of the Software Engineering for Secure Systems (SESS'05) (2005), IEEE, St. Louis
    • (2005) Proceedings of the Software Engineering for Secure Systems (SESS'05)
    • Gegick, M.1    Williams, L.2
  • 19
    • 0142156745
    • Requirements engineering meets security: a case study on modelling secure electronic transactions by VISA and Mastercard
    • Song I., Liddle S.W., Ling T.W., and Scheuermann P. (Eds), Springer-Verlag, Chicago
    • Giorgini P., Massacci F., and Mylopoulos J. Requirements engineering meets security: a case study on modelling secure electronic transactions by VISA and Mastercard. In: Song I., Liddle S.W., Ling T.W., and Scheuermann P. (Eds). Proceedings of the 22nd International Conference on Conceptual Modeling (ER'03), Lecture Notes in Computer Science vol. 2813 (2003), Springer-Verlag, Chicago 263-276
    • (2003) Proceedings of the 22nd International Conference on Conceptual Modeling (ER'03), Lecture Notes in Computer Science , vol.2813 , pp. 263-276
    • Giorgini, P.1    Massacci, F.2    Mylopoulos, J.3
  • 21
    • 0036149234
    • Correctness by construction: developing a commercial secure system
    • Hall A., and Chapman R. Correctness by construction: developing a commercial secure system. IEEE Software 19 (2002) 18-25
    • (2002) IEEE Software , vol.19 , pp. 18-25
    • Hall, A.1    Chapman, R.2
  • 22
    • 60949093361
    • W.G. Hopkins, A New View of Statistics, University of Queensland, Australia, Technical Report, 2001.
  • 31
    • 17744386721
    • Using a security requirements engineering methodology in practice: the compliance with the Italian data protection legislation
    • Massacci F., Prest M., and Zannone N. Using a security requirements engineering methodology in practice: the compliance with the Italian data protection legislation. Computer Standards and Interfaces 27 (2005) 445-455
    • (2005) Computer Standards and Interfaces , vol.27 , pp. 445-455
    • Massacci, F.1    Prest, M.2    Zannone, N.3
  • 32
    • 33746078483
    • Detecting conflicts between functional and security requirements with secure Tropos: John Rusnak and the Allied Irish Bank
    • Giorgini P., Maiden N.A.M., Mylopoulos J., and Yu E. (Eds), MIT Press, Cambridge, MA
    • Massacci F., and Zannone N. Detecting conflicts between functional and security requirements with secure Tropos: John Rusnak and the Allied Irish Bank. In: Giorgini P., Maiden N.A.M., Mylopoulos J., and Yu E. (Eds). Social Modeling for Requirements Engineering (2006), MIT Press, Cambridge, MA
    • (2006) Social Modeling for Requirements Engineering
    • Massacci, F.1    Zannone, N.2
  • 36
    • 0010920417
    • From object-oriented to goal-oriented requirements analysis
    • Mylopoulos J., Chung L., and Yu E. From object-oriented to goal-oriented requirements analysis. Communications of the ACM 42 (1999) 31-37
    • (1999) Communications of the ACM , vol.42 , pp. 31-37
    • Mylopoulos, J.1    Chung, L.2    Yu, E.3
  • 37
    • 60949090741
    • Masters thesis, Department of Computer and Information Science, NTNU, Trondheim, Norway
    • M. Mæhre, Industrial experiences with misuse cases, Masters thesis, Department of Computer and Information Science, NTNU, Trondheim, Norway, 2005.
    • (2005) Industrial experiences with misuse cases
    • Mæhre, M.1
  • 39
    • 60949086125
    • M. Petit, Knowledge map of research in interoperability in the INTEROP NoE, Univ. Namur, Belgium, Project report, Deliverable D1.1, 2004, p. 278.
  • 41
    • 33845208648
    • Capturing security requirements in business processes through a UML 2.0 activity diagrams profile
    • Roddick J.F., Richard Benjamins V., Si-Said Cherfi S., Chiang R.H.L., Claramunt C., Elmasri R., Grandi F., Han H., Hepp M., Lytras M.D., Misic V.B., Poels G., Song I.-Y., Trujillo J., and Vangenot C. (Eds), Springer, Tucson, AZ, USA
    • Rodriguez A., Fernandez-Medina E., and Piattini M. Capturing security requirements in business processes through a UML 2.0 activity diagrams profile. In: Roddick J.F., Richard Benjamins V., Si-Said Cherfi S., Chiang R.H.L., Claramunt C., Elmasri R., Grandi F., Han H., Hepp M., Lytras M.D., Misic V.B., Poels G., Song I.-Y., Trujillo J., and Vangenot C. (Eds). Proceedings of the Advances in Conceptual Modeling - Theory and Practice, ER 2006 Workshops, Lecture Notes in Computer Science vol. 4231 (2006), Springer, Tucson, AZ, USA
    • (2006) Proceedings of the Advances in Conceptual Modeling - Theory and Practice, ER 2006 Workshops, Lecture Notes in Computer Science , vol.4231
    • Rodriguez, A.1    Fernandez-Medina, E.2    Piattini, M.3
  • 43
    • 33750050331
    • Schumacher M., Fernandez E.B., Hybertson D., Buschmann F., and Sommerlad P. (Eds), J. Wiley & Sons, Chichester, UK
    • In: Schumacher M., Fernandez E.B., Hybertson D., Buschmann F., and Sommerlad P. (Eds). Security Patterns: Integrating Security and Systems Engineering (2005), J. Wiley & Sons, Chichester, UK
    • (2005) Security Patterns: Integrating Security and Systems Engineering
  • 44
    • 13644252644
    • Eliciting security requirements with misuse cases
    • Sindre G., and Opdahl A.L. Eliciting security requirements with misuse cases. Requirements Engineering 10 (2005) 34-44
    • (2005) Requirements Engineering , vol.10 , pp. 34-44
    • Sindre, G.1    Opdahl, A.L.2


* This information was analyzed and extracted by KISTI from Elsevier's SCOPUS database.