Comparing two techniques for intrusion visualization

Lecture Notes in Business Information Processing

Volumn 68 LNBIP, Issue , 2010, Pages 1-15

  Katta, Vikash ^a,c   Karpati, Peter ^a   Opdahl, Andreas L ^b   Raspotnig, Christian ^b,c   Sindre, Guttorm ^a  

^a NORWEGIAN UNIVERSITY OF SCIENCE AND TECHNOLOGY   (Norway)

^b UNIVERSITY OF BERGEN   (Norway)

^c INSTITUTE FOR ENERGY TECHNOLOGY   (Norway)

Author keywords

experiment; requirements engineering; security; threat modeling

Indexed keywords

REQUIREMENTS ENGINEERING; VISUALIZATION;

CONTROLLED EXPERIMENT; INTRUSION SCENARIOS; MISUSE CASE; SECURITY; SEQUENCE DIAGRAMS; SYSTEM ARCHITECTURES; SYSTEM COMPONENTS; TEMPORAL SEQUENCES; THREAT MODELING;

EXPERIMENTS;

EID: 78649956131     PISSN: 18651348     EISSN: None     Source Type: Book Series    
DOI: 10.1007/978-3-642-16782-9_1     Document Type: Conference Paper

References (23)

1. Aagedal, J.Ø., et al.: Model-based Risk Assessment to Improve Enterprise Security. In: Proceedings of the Sixth International Enterprise Distributed Object Computing Conference (EDOC 2002). IEEE, Los Alamitos (2002)
2. Mitnick, K.D., Simon, W.L.: The Art of Intrusion. Wiley Publishing Inc., Chichester (2006)
3. Schneier, B.: Secrets and Lies: Digital Security in a Networked World. Wiley, Chichester (2000)
4. Sindre, G., Opdahl, A.L.: Eliciting Security Requirements with Misuse Cases. Requirements Engineering 10(1), 34-44 (2005)
5. Karpati, P., Sindre, G., Opdahl, A.L.: Illustrating Cyber Attacks with Misuse Case Maps. Accepted to 16th International Working Conference on Requirements Engineering: Foundation for Software Quality, RefsQ 2010 (2010)
6. th IEEE International Conference on Requirements Engineering, RE 2010 (2010)
7. Unified Modeling Language, http://www.uml.org (accessed 4.6.2010)
8. Internet Security Glossary,http://www.apps.ietf.org/rfc/rfc2828.html (accessed 22.6.2010)
9. Opdahl, A.L., Sindre, G.: Experimental comparison of attack trees and misuse cases for security threat identification. Information and Software Technology 51(5), 916-932 (2009)
10. Buhr, R.J.A.: Use Case Maps: A New Model to Bridge the Gap Between Requirements and Detailed Design. In: 11th Annual ACM Conference on Object-Oriented Programming Systems, Languages and Applications (OOPSLA 1995), Real Time Workshop, p. 4 (1995)
11. Markose, S., Xiaoqing, L., McMillin, B.: A Systematic Framework for Structured Object-Oriented Security Requirements Analysis in Embedded Systems. In: IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, vol. 1, pp. 75-81 (2008)
12. Georg, G., Ray, I., Anastasakis, K., Bordbar, B., Toahchoodee, M., Houmb, S.H.: An aspect-oriented methodology for designing secure applications. Information and Software Technology 51, 846-864 (2009)
13. Redmill, F., Chudleigh, M., Catmur, J.: Hazop and software Hazop. Wiley, Chichester (1999)
14. IEC 61025: Fault tree analysis (FTA), IEC Standard (2006)
15. Runde, R.K., Haugen, Ø., Stølen, K.: The Pragmatics of STAIRS, Research Report 349 (January 2007)
16. Jürjens, J.: Secure Systems Development with UML. Springer, Heidelberg (2005)
17. Karpati, P.: http://www.idi.ntnu.no/~kpeter/ExampleSheet-Group1.pdf (accessed 24.6.2010)
18. Davis, F.D.: Perceived usefulness, perceived ease of use and user acceptance of information technology. MIS Quarterly 13, 319-340 (1989)
19. Cohen, J.: Statistical power analysis for the behavioral sciences, 2nd edn. Lawrence Erlbaum, New Jersey (1988)
20. Hopkins, W.G.: A New View of Statistics. University of Queensland, Brisbane (2001)
21. Wohlin, C., Runeson, P., Höst, M., Ohlsson, M.C., Regnell, B., Wesslén, A.: Experimentation in Software Engineering: An Introduction. Kluwer Academic, Norwell (2000)
22. Arisholm, E., Sjøberg, D.I.K.: Evaluating the effect of a delegated versus centralized control style on the maintainability of object-oriented software. IEEE Transactions on Software Engineering 30, 521-534 (2004)
23. Venkatesh, V., Morris, M.G., Davis, G.B., Davis, F.D.: User acceptance of information technology: Toward a unified view. MIS Quarterly 27(3), 425-478 (2003)