Experimental comparison of attack trees and misuse cases for security threat identification

Information and Software Technology

Volumn 51, Issue 5, 2009, Pages 916-932

  Opdahl, Andreas L ^a   Sindre, Guttorm ^b  

^a UNIVERSITY OF BERGEN   (Norway)

^b NORWEGIAN UNIVERSITY OF SCIENCE AND TECHNOLOGY   (Norway)

Author keywords

Attack trees; Experiments; Misuse cases; Security modelling; Security requirements; Security threat identification

Indexed keywords

SECURITY SYSTEMS;

ATTACK TREES; MISUSE CASES; SECURITY MODELLING; SECURITY REQUIREMENTS; SECURITY THREAT IDENTIFICATION;

EXPERIMENTS;

EID: 60949097689     PISSN: 09505849     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.infsof.2008.05.013     Document Type: Article

References (50)

1. Alexander I.F. Initial industrial experience of misuse cases in trade-off analysis. In: Pohl K. (Ed). Proceedings of the 10th Anniversary IEEE Joint International Requirements Engineering Conference (RE'02) (2002), IEEE, Essen, Germany
2. Amoroso E.J. Fundamentals of Computer Security Technology (1994), Prentice-Hall, Upper Saddle River, NJ
3. Arisholm E., and Sjøberg D.I.K. Evaluating the effect of a delegated versus centralized control style on the maintainability of object-oriented software. IEEE Transactions on Software Engineering 30 (2004) 521-534
4. Boswell A. Specification and validation of a security policy model. IEEE Transactions on Software Engineering 21 (1995) 63-68
5. G.F. Breivik, Abstract Misuse Patterns - A new approach to security requirements, Masters thesis, Department of Information Science, University of Bergen, N-5020 Norway, Bergen, 2002.
6. Buyens K., Win B.D., and Joosen W. Empirical and statistical analysis of risk analysis driven techniques for threat management. Proceedings of the Second International Conference on Availability Reliability and Security (ARES'07) (2007), IEEE, Vienna 1034-1041
7. Castro J., Kolp M., and Mylopoulos J. Towards requirements-driven information systems engineering: the Tropos project. Information Systems 27 (2002) 356-389
8. CCIMB, Common Criteria for Information Technology Security Evaluation, Common Criteria Implementation Board, Technical Report, CCIMB-99-031, 1999.
9. Davis F.D. Perceived usefulness, perceived ease of use and user acceptance of information technology. MIS Quarterly 13 (1989) 319-340
10. M.H. Diallo, J. Romero-Mariona, S.E. Sim, D.J. Richardson, A comparative evaluation of three approaches to specifying security requirements, in: Proceedings of the REFSQ'06, Luxembourg, 2006.
11. Dimitrakos T., Ritchie B., Raptis D., Aagedal J.Ø., Braber F.d., Stølen K., and Houmb S.H. Integrating model-based security risk management into eBusiness systems development - the CORAS approach. In: Monteiro J.L., Swatman P.M.C., and Tavares L.V. (Eds). Proceedings of the 2nd IFIP Conference on E-Commerce, E-Business, E-Government (I3E'2002) (2003), Kluwer, Lisbon, Portugal 159-175
12. Easterbrook S., Yu E., Aranda J., Fan Y., Horkoff J., Leica M., and Qadir R.A. Do viewpoints lead to better conceptual models? An exploratory case study. In: Atlee J., and Rolland C. (Eds). Proceedings of the 13th IEEE International Conference on Requirements Engineering (RE'05) (2005), IEEE, Paris 199-208
13. S. Ekremsvik, E.M. Tiset, Misbrukstilfeller - utprøving i praksis og evaluering av teknikk, Masters thesis, Department of Computer and Information Science, NTNU, Trondheim, Norway 2004.
14. Field A., and Hole G. How to Design and Report Experiments (2003), SAGE Publications, London
15. Firesmith D. Engineering security requirements. Journal of Object Technology 2 (2003) 53-68
16. Firesmith D. Security use cases. Journal of Object Technology 2 (2003) 53-64
17. D.G. Firesmith, A taxonomy of security-related requirements, in: Proceedings of the International Workshop on High Assurance Systems (RHAS'05), Paris, France, 2005.
18. Gegick M., and Williams L. Matching attack patterns to security vulnerabilities in software-intensive system designs. In: Bruschi D., Win B.D., and Monga M. (Eds). Proceedings of the Software Engineering for Secure Systems (SESS'05) (2005), IEEE, St. Louis
19. Giorgini P., Massacci F., and Mylopoulos J. Requirements engineering meets security: a case study on modelling secure electronic transactions by VISA and Mastercard. In: Song I., Liddle S.W., Ling T.W., and Scheuermann P. (Eds). Proceedings of the 22nd International Conference on Conceptual Modeling (ER'03), Lecture Notes in Computer Science vol. 2813 (2003), Springer-Verlag, Chicago 263-276
20. Giorgini P., Massacci F., Mylopoulos J., and Zannone N. Modelling security requirements through ownership, permission, and delegation. In: Atlee J., and Rolland C. (Eds). Proceedings of the 13th International Requirements Engineering Conference (2005), IEEE, Paris 167-176
21. Hall A., and Chapman R. Correctness by construction: developing a commercial secure system. IEEE Software 19 (2002) 18-25
22. W.G. Hopkins, A New View of Statistics, University of Queensland, Australia, Technical Report, 2001.
23. Jackson M. Problem Frames (2001), Addison-Wesley, London
24. Jürjens J. UMLsec: extending UML for secure systems development. In: Jezequel J.M., Haussmann H., and Cook S. (Eds). Proceedings of the Unified Modeling Language, 5th International Conference (UML 2002), Lecture Notes in Computer Science vol. 2460 (2002), Springer, Dresden, Germany 412-425
25. Kewley D.L., and Bouchard J.F. DARPA information assurance program dynamic defense experiment summary. IEEE Transactions on Systems, Man, and Cybernetics - Part A: Systems and Humans 31 (2001) 331-336
26. Laleau R., Vignes S., Ledru Y., Lemoine M., Bert D., Donzeau-Gouge V., Dubois C., and Peureux F. Adopting a situational requirements engineering approach for the analysis of civil aviation security standards. Software Process: Improvement and Practice 11 (2006) 487-503
27. Levin D. Lessons learned in using live red teams in IA experiments. Proceedings of the DARPA Information Survivability Conference and Exposition 1 (2003) 110-119
28. Lin L., Nuseibeh B., Ince D., and Jackson M. Using abuse frames to bound the scope of security problems. In: Maiden N.A.M. (Ed). Proceedings of the 12th IEEE International Requirements Engineering Conference (RE'04) (2004), IEEE, Kyoto, Japan
29. Liu L., Yu E., and Mylopoulos J. Security and privacy requirements analysis within a social setting. Proceedings of the 11th International Requirements Engineering Conference (RE'03) (2003), IEEE Press, Monterey Bay, CA 151-160
30. Lodderstedt T., Basin D., and Doser J. SecureUML: a UML-based modeling language for model-driven security. In: Jezequel J.M., Haussmann H., and Cook S. (Eds). Proceedings of the Unified Modeling Language, 5th International Conference (UML 2002), Lecture Notes in Computer Science vol. 2460 (2002), Springer, Dresden, Germany 426-441
31. Massacci F., Prest M., and Zannone N. Using a security requirements engineering methodology in practice: the compliance with the Italian data protection legislation. Computer Standards and Interfaces 27 (2005) 445-455
32. Massacci F., and Zannone N. Detecting conflicts between functional and security requirements with secure Tropos: John Rusnak and the Allied Irish Bank. In: Giorgini P., Maiden N.A.M., Mylopoulos J., and Yu E. (Eds). Social Modeling for Requirements Engineering (2006), MIT Press, Cambridge, MA
33. Matulevicius R., and Heymans P. Comparison of goal modelling languages: an experiment. In: Sawyer P., Paech B., and Heymans P. (Eds). Proceedings of the International Working Conference on Requirements Engineering: Foundation for Software Quality (REFSQ'07), Lecture Notes in Computer Science vol. 4542 (2007), Springer, Trondheim, Norway 18-32
34. Mayer N., Heymans P., and Matulevicius R. Design of a modelling language for information system security risk management. In: Rolland C., Pastor O., and Cavarero J.-L. (Eds). Proceedings of the First International Conference on Research Challenges in Information Science (RCIS'07) (2007), IEEE, Ouarzazate, Morocco 121-132
35. McDermott J., and Fox C. Using abuse case models for security requirements analysis. Proceedings of the 15th Annual Computer Security Applications Conference (ACSAC'99) (1999), IEEE CS Press
36. Mylopoulos J., Chung L., and Yu E. From object-oriented to goal-oriented requirements analysis. Communications of the ACM 42 (1999) 31-37
37. M. Mæhre, Industrial experiences with misuse cases, Masters thesis, Department of Computer and Information Science, NTNU, Trondheim, Norway, 2005.
38. Ncube C., Lockerbie J., and Maiden N.A.M. Automatically generating requirements from i* models: a case study with a complex airport operations system. In: Sawyer P., Paech B., and Heymans P. (Eds). Proceedings of the International Working Conference on Requirements Engineering: Foundations for Software Quality (REFSQ'07), Lecture Notes in Computer Science vol. 4542 (2007), Springer, Trondheim, Norway
39. M. Petit, Knowledge map of research in interoperability in the INTEROP NoE, Univ. Namur, Belgium, Project report, Deliverable D1.1, 2004, p. 278.
40. Rodriguez A., Fernandez-Medina E., and Piattini M. Towards an integration of security requirements into business process modeling. In: Fernández-Medina E., Hernández J.C., and García L.J. (Eds). Proceedings of the Third International Workshop on Security in Information Systems (WOSIS) (2005), INSTICC Press, Miami 287-297
41. Rodriguez A., Fernandez-Medina E., and Piattini M. Capturing security requirements in business processes through a UML 2.0 activity diagrams profile. In: Roddick J.F., Richard Benjamins V., Si-Said Cherfi S., Chiang R.H.L., Claramunt C., Elmasri R., Grandi F., Han H., Hepp M., Lytras M.D., Misic V.B., Poels G., Song I.-Y., Trujillo J., and Vangenot C. (Eds). Proceedings of the Advances in Conceptual Modeling - Theory and Practice, ER 2006 Workshops, Lecture Notes in Computer Science vol. 4231 (2006), Springer, Tucson, AZ, USA
42. Schneier B. Secrets and Lies: Digital Security in a Networked World (2000), Wiley, Indianapolis
43. In: Schumacher M., Fernandez E.B., Hybertson D., Buschmann F., and Sommerlad P. (Eds). Security Patterns: Integrating Security and Systems Engineering (2005), J. Wiley & Sons, Chichester, UK
44. Sindre G., and Opdahl A.L. Eliciting security requirements with misuse cases. Requirements Engineering 10 (2005) 34-44
45. Sindre G., Opdahl A.L., and Breivik G.F. Generalization/specialization as a structuring mechanism for misuse cases. Proceedings of the 2nd Symposium for Requirements Engineering for Information Security (SREIS'02) (2002), CERIAS/Purdue, Raleigh, NC
46. Spivey J.M. The Z Notation: A Reference Manual (1992), Prentice-Hall, Upper Saddle River, NJ
47. Stamatiou Y., Skipenes E., Henriksen E., Stathiakis N., Sikianakis A., Charalambous E., Antonakis N., Stølen K., Braber F.d., Lund M.S., Papadaki K., and Valvis G. The CORAS approach for model-based risk management applied to a telemedicine service. Proceedings of the Medical Informatics Europe (MIE'2003) (2003), IOS Press, StMalo, France 206-211
48. T. Stålhane, G. Sindre, A comparison of two approaches to safety analysis based on use cases, Submitted to ER'07, 2007.
49. van Lamsweerde A., Brohez S., De Landtsheer R., and Janssens D. From system goals to intruder anti-goals: attack generation and resolution for security requirements engineering. In: Heytmeier C., and Mead N. (Eds). Proceedings of the 2nd International Workshop on Requirements Engineering for High Assurance Systems (RHAS'03) (2003), Carnegie Mellon University, Monterey Bay, CA 49-56
50. Wohlin C., Runeson P., Höst M., Ohlsson M.C., Regnell B., and Wesslén A. Experimentation in Software Engineering: An Introduction (2000), Kluwer Academic, Norwell, MA, USA