Towards a hacker attack representation method

ICSOFT 2010 - Proceedings of the 5th International Conference on Software and Data Technologies

Volumn 2, Issue , 2010, Pages 92-101

  Karpati, Peter ^a   Sindre, Guttorm ^a   Opdahl, Andreas L ^b  

^a NORWEGIAN UNIVERSITY OF SCIENCE AND TECHNOLOGY   (Norway)

^b UNIVERSITY OF BERGEN   (Norway)

Author keywords

Attack pattern; Attack tree; Intrusion analysis; Misuse case; Security requirements

Indexed keywords

ATTACK PATTERNS; ATTACK TREE; INTRUSION ANALYSIS; MISUSE CASE; SECURITY REQUIREMENTS;

COMPUTER CRIME; PERSONAL COMPUTING;

SECURITY OF DATA;

EID: 78751562996     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (28)

1. Amyot, D., Mussbacher, G. (2000) On the Extension of UML with Use Case Maps Concepts. Proc. UML 2000, pp 16-31.
2. Alexander I. (2003) Misuse Cases: Use Cases with Hostile Intent, IEEE Software, 20(1):58-66.
3. Barnum, S. (2007) Attack Patterns as a Knowledge Resource for Building Secure Software, In A. Sethi (ed.) Cigital: OMG Software Assurance WS
4. Benyon, D., Skidmore, S. (1987) Towards a Tool Kit For the Systems Analyst, The Computer Journal 30(l):2-7
5. Buhr R. J. A. (1996) Use case maps for attributing behaviour to system architecture, Proc. 4th Int. WS on Parallel and Distributed Real-Time Systems, p.3
6. Buhr R.J.A., Casselman R.S. (1995) Use Case Maps for Object-Oriented Systems, Prentice Hall
7. Cheung, S., Lindqvist, U., Valdez, R. (2003) Correlated Attack Modeling (CAM), Final Technical Report by SRI International, October 2003
8. Gegick, M., Williams, L., (2005) Matching attack patterns to security vulnerabilities in software- intensive system designs, Proc. SESS05 - building trustworthy applications, pp 1 -7
9. Gutierrez, C, Fernandez-Medina, E., Piattini, M. (2005a), Web services enterprise security architecture: a case study. Proc. WS on Secure Web Services (SWS'05), Fairfax, VA, USA.
10. Gutierrez, C, Fernandez-Medina, E., Piattini, M. (2005b), Towards a Process for Web Services Security, Proc. WOSIS'05 at ICEIS'05, Miami, Florida, USA.
11. Gutierrez, C, Fernandez-Medina, E., Piattini, M. (2006), PWSSec: Process for Web Services Security, In Proc. ICWS '06, pp.213-222, 18-22
12. Karpati P., Sindre G., Opdahl A. L. (2010) Illustrating Cyber Attacks with Misuse Case Maps, Proc. REFSQ
13. Maurya, S., Jangam, E., Talukder, M., Pais, A.R. (2009) Suraksha: A security designers' workbench. Proc. Hack.in 2009, pp. 59-66.
14. Mead, N.R, Stehney, T. (2005) Security Quality Requirements Engineering (SQUARE) Methodology. In Proc SESS'05. St. Louis, MO, May 15-16, 2005
15. Mitnick K. D., Simon W. L. (2006) The Art of Intrusion, Wiley Publishing Inc.
16. Neumann, P.G., Porras, P.A.. (1999) Experience with EMERALD to date. Proc WS on Intrusion Detection and Network Monitoring, pp:73-80
17. Ning, P., Cui, Y., Reeves, D.S. (2002) Constructing attack scenarios through correlation of intrusion alerts. Proc. 9th ACM conf. on CCS, pp: 245-254
18. OMG Unified Modeling LanguageTM (OMG UML), Superstructure Version 2.2, Feb. 2009
19. Opdahl A. L., Sindre, G. (2009) Experimental Comparison of Attack Trees and Misuse Cases for Security Threat Identification, Information and Software Technology, 51(5):916-932
20. Schneier, B. (1999) Attack Trees, Dr. Dobb's Journal Schneier, B. (2000) Secrets and Lies: Digital Security in a Networked World, Wiley.
21. Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.M. (2002) Automated Generation and Analysis of Attack Graphs, Proc. IEEE Symposium on Security and Privacy, p.273, May 12-15
22. Sindre, G. (2007). Mai-Activity Diagrams for Capturing Attacks on Business Processes. Lecture Notes in Computer Science, vol. 4542. pp 355-366
23. Sindre, G., Opdahl A.L. (2005). Eliciting Security Requirements with Misuse Cases. Requirements Engineering 10(1): 34-44
24. Sindre, G., Opdahl, A.L., Brevik, G.F. (2002) Generalization/ Specialization as a Structuring Mechanism for Misuse Cases. Proc. SREIS'2002.
25. Steele, P., Zaslavsky, A. (1993) The Role of Metamodels in Federating System Modelling Techniques, In Proc ER'93, Dallas, USA, pp 301-12
26. Templeton, S.J., Levitt, K. (2000) A requires/provides model for computer attacks, Proc. WS on New security paradigms, pp.31-38.
27. The Mitre Corp. (2010): Common Attack Pattern Enumeration and Classification, capec.mitre.org. Accessed: 30.3.2010.OMG (2009)
28. Tøndel, I.A., Jensen, J., Røstad, L. (2010) Combining misuse cases with attack trees and security activity models Proc. OSA workshop.