From misuse cases to mal-activity diagrams: bridging the gap between functional security analysis and design


Ontology type: schema:ScholarlyArticle     


Article Info

DATE

2014-02

AUTHORS

Mohamed El-Attar

ABSTRACT

Secure software engineering is concerned with developing software systems that will continue delivering their intended functionality despite a multitude of harmful software technologies that can attack these systems from anywhere and at any time. Misuse cases and mal-activity diagrams are two techniques that model functional security requirements and address security concerns early in the development life cycle. This allows system designers to equip their systems with security mechanisms built into the system design rather than relying on external defensive mechanisms. In a model-driven engineering process, misuse cases are expected to drive the construction of mal-activity diagrams. However, a systematic approach to transform misuse cases into mal-activity diagrams is missing. Therefore, this process remains dependent on human skill and judgment, which raises the risk of developing mal-activity diagrams that are inconsistent with the security requirements described in misuse cases, leading to the development of an insecure system. This paper presents an authoring structure for misuse cases and a transformation technique to systematically perform this desired model transformation. A study was conducted to evaluate the proposed technique using 46 attack stories outlined in a book by a former well-known hacker (Mitnick and Simon in The art of deception: controlling the human element of security, Wiley, Indianapolis, 2002). The results indicate that applying the proposed technique produces correct mal-activity diagrams from misuse cases.

PAGES

173-190

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/s10270-012-0240-5

DOI

http://dx.doi.org/10.1007/s10270-012-0240-5

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1053539219



JSON-LD is the canonical representation for SciGraph data.


[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0803", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Computer Software", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "King Fahd University of Petroleum and Minerals", 
          "id": "https://www.grid.ac/institutes/grid.412135.0", 
          "name": [
            "Information and Computer Science Department, King Fahd University of Petroleum and Minerals, P.O. Box 5066, 31261, Dhahran, Kingdom of Saudi Arabia"
          ], 
          "type": "Organization"
        }, 
        "familyName": "El-Attar", 
        "givenName": "Mohamed", 
        "id": "sg:person.012627151205.68", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.012627151205.68"
        ], 
        "type": "Person"
      }
    ], 
    "citation": [
      {
        "id": "sg:pub.10.1007/978-3-540-73031-6_27", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1009975391", 
          "https://doi.org/10.1007/978-3-540-73031-6_27"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "sg:pub.10.1007/s10515-007-0013-5", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1012828156", 
          "https://doi.org/10.1007/s10515-007-0013-5"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "sg:pub.10.1007/s10515-007-0013-5", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1012828156", 
          "https://doi.org/10.1007/s10515-007-0013-5"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "sg:pub.10.1007/11880240_22", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1023097979", 
          "https://doi.org/10.1007/11880240_22"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "sg:pub.10.1007/s00766-004-0194-4", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1024451278", 
          "https://doi.org/10.1007/s00766-004-0194-4"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "sg:pub.10.1007/s00766-004-0194-4", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1024451278", 
          "https://doi.org/10.1007/s00766-004-0194-4"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "sg:pub.10.1007/978-3-642-34176-2_18", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1029556158", 
          "https://doi.org/10.1007/978-3-642-34176-2_18"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "sg:pub.10.1007/978-3-540-39648-2_22", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1040227327", 
          "https://doi.org/10.1007/978-3-540-39648-2_22"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "sg:pub.10.1007/978-3-540-39648-2_22", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1040227327", 
          "https://doi.org/10.1007/978-3-540-39648-2_22"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1145/205350.205356", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1043566440"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1145/1125808.1125810", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1046945756"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/52.663783", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1061185827"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/apsec.2003.1254403", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1093293927"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/ecbs.2005.48", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1093322620"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/scesm.2007.1", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1093479803"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/icre.2002.1048506", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1093989195"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/icre.2004.1335698", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1094287590"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/re.2005.43", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1094942505"
        ], 
        "type": "CreativeWork"
      }
    ], 
    "datePublished": "2014-02", 
    "datePublishedReg": "2014-02-01", 
    "description": "Secure software engineering is concerned with developing software systems that will continue delivering its intended functionality despite a multitude of harmful software technologies that can attack these systems from anywhere and at anytime. Misuse cases and mal-activity diagrams are two techniques to model functional security requirements address security concerns early in the development life cycle. This allows system designers to equip their systems with security mechanisms built within system design rather than relying on external defensive mechanisms. In a model-driven engineering process, misuse cases are expected to drive the construction of mal-activity diagrams. However, a systematic approach to transform misuse cases into mal-activity diagrams is missing. Therefore, this process remains dependent on human skill and judgment, which raises the risk of developing mal-activity diagrams that are inconsistent with the security requirements described in misuse cases, leading to the development of an insecure system. This paper presents an authoring structure for misuse cases and a transformation technique to systematically perform this desired model transformation. A study was conducted to evaluate the proposed technique using 46 attack stories outlined in a book by a former well-known hacker (Mitnick and Simon in The art of deception: controlling the human element of security, Wiley, Indianapolis, 2002). The results indicate that applying the proposed technique produces correct mal-activity diagrams from misuse cases.", 
    "genre": "research_article", 
    "id": "sg:pub.10.1007/s10270-012-0240-5", 
    "inLanguage": [
      "en"
    ], 
    "isAccessibleForFree": false, 
    "isPartOf": [
      {
        "id": "sg:journal.1136228", 
        "issn": [
          "1619-1366", 
          "1619-1374"
        ], 
        "name": "Software & Systems Modeling", 
        "type": "Periodical"
      }, 
      {
        "issueNumber": "1", 
        "type": "PublicationIssue"
      }, 
      {
        "type": "PublicationVolume", 
        "volumeNumber": "13"
      }
    ], 
    "name": "From misuse cases to mal-activity diagrams: bridging the gap between functional security analysis and design", 
    "pagination": "173-190", 
    "productId": [
      {
        "name": "readcube_id", 
        "type": "PropertyValue", 
        "value": [
          "ff0345f027ec975ec49eae99b45b59c6c56dab319b32334a976296f6d4693189"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/s10270-012-0240-5"
        ]
      }, 
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1053539219"
        ]
      }
    ], 
    "sameAs": [
      "https://doi.org/10.1007/s10270-012-0240-5", 
      "https://app.dimensions.ai/details/publication/pub.1053539219"
    ], 
    "sdDataset": "articles", 
    "sdDatePublished": "2019-04-10T15:53", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-uberresearch-data-dimensions-target-20181106-alternative/cleanup/v134/2549eaecd7973599484d7c17b260dba0a4ecb94b/merge/v9/a6c9fde33151104705d4d7ff012ea9563521a3ce/jats-lookup/v90/0000000001_0000000264/records_8664_00000516.jsonl", 
    "type": "ScholarlyArticle", 
    "url": "http://link.springer.com/10.1007%2Fs10270-012-0240-5"
  }
]

HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/s10270-012-0240-5'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/s10270-012-0240-5'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/s10270-012-0240-5'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/s10270-012-0240-5'


 

This table displays all metadata directly associated to this object as RDF triples.

112 TRIPLES      21 PREDICATES      42 URIs      19 LITERALS      7 BLANK NODES

Subject Predicate Object
1 sg:pub.10.1007/s10270-012-0240-5 schema:about anzsrc-for:08
2 anzsrc-for:0803
3 schema:author N9abdeac4a39c4435aabde024068105fa
4 schema:citation sg:pub.10.1007/11880240_22
5 sg:pub.10.1007/978-3-540-39648-2_22
6 sg:pub.10.1007/978-3-540-73031-6_27
7 sg:pub.10.1007/978-3-642-34176-2_18
8 sg:pub.10.1007/s00766-004-0194-4
9 sg:pub.10.1007/s10515-007-0013-5
10 https://doi.org/10.1109/52.663783
11 https://doi.org/10.1109/apsec.2003.1254403
12 https://doi.org/10.1109/ecbs.2005.48
13 https://doi.org/10.1109/icre.2002.1048506
14 https://doi.org/10.1109/icre.2004.1335698
15 https://doi.org/10.1109/re.2005.43
16 https://doi.org/10.1109/scesm.2007.1
17 https://doi.org/10.1145/1125808.1125810
18 https://doi.org/10.1145/205350.205356
19 schema:datePublished 2014-02
20 schema:datePublishedReg 2014-02-01
21 schema:description Secure software engineering is concerned with developing software systems that will continue delivering its intended functionality despite a multitude of harmful software technologies that can attack these systems from anywhere and at anytime. Misuse cases and mal-activity diagrams are two techniques to model functional security requirements address security concerns early in the development life cycle. This allows system designers to equip their systems with security mechanisms built within system design rather than relying on external defensive mechanisms. In a model-driven engineering process, misuse cases are expected to drive the construction of mal-activity diagrams. However, a systematic approach to transform misuse cases into mal-activity diagrams is missing. Therefore, this process remains dependent on human skill and judgment, which raises the risk of developing mal-activity diagrams that are inconsistent with the security requirements described in misuse cases, leading to the development of an insecure system. This paper presents an authoring structure for misuse cases and a transformation technique to systematically perform this desired model transformation. A study was conducted to evaluate the proposed technique using 46 attack stories outlined in a book by a former well-known hacker (Mitnick and Simon in The art of deception: controlling the human element of security, Wiley, Indianapolis, 2002). The results indicate that applying the proposed technique produces correct mal-activity diagrams from misuse cases.
22 schema:genre research_article
23 schema:inLanguage en
24 schema:isAccessibleForFree false
25 schema:isPartOf Nc4b48caea1eb49fcaf73cb58c28c1814
26 Nd763c70561b44eaea77eb40853838f63
27 sg:journal.1136228
28 schema:name From misuse cases to mal-activity diagrams: bridging the gap between functional security analysis and design
29 schema:pagination 173-190
30 schema:productId N157f119bb8b54377ad8e6c86b1ec4828
31 Nd9c4b1447bee45c0814338de7566b1fe
32 Nee24531c27f4486883f52f1528c1ce95
33 schema:sameAs https://app.dimensions.ai/details/publication/pub.1053539219
34 https://doi.org/10.1007/s10270-012-0240-5
35 schema:sdDatePublished 2019-04-10T15:53
36 schema:sdLicense https://scigraph.springernature.com/explorer/license/
37 schema:sdPublisher Nb07ee14afd434d69b7c477165dd99bf7
38 schema:url http://link.springer.com/10.1007%2Fs10270-012-0240-5
39 sgo:license sg:explorer/license/
40 sgo:sdDataset articles
41 rdf:type schema:ScholarlyArticle
42 N157f119bb8b54377ad8e6c86b1ec4828 schema:name doi
43 schema:value 10.1007/s10270-012-0240-5
44 rdf:type schema:PropertyValue
45 N9abdeac4a39c4435aabde024068105fa rdf:first sg:person.012627151205.68
46 rdf:rest rdf:nil
47 Nb07ee14afd434d69b7c477165dd99bf7 schema:name Springer Nature - SN SciGraph project
48 rdf:type schema:Organization
49 Nc4b48caea1eb49fcaf73cb58c28c1814 schema:volumeNumber 13
50 rdf:type schema:PublicationVolume
51 Nd763c70561b44eaea77eb40853838f63 schema:issueNumber 1
52 rdf:type schema:PublicationIssue
53 Nd9c4b1447bee45c0814338de7566b1fe schema:name dimensions_id
54 schema:value pub.1053539219
55 rdf:type schema:PropertyValue
56 Nee24531c27f4486883f52f1528c1ce95 schema:name readcube_id
57 schema:value ff0345f027ec975ec49eae99b45b59c6c56dab319b32334a976296f6d4693189
58 rdf:type schema:PropertyValue
59 anzsrc-for:08 schema:inDefinedTermSet anzsrc-for:
60 schema:name Information and Computing Sciences
61 rdf:type schema:DefinedTerm
62 anzsrc-for:0803 schema:inDefinedTermSet anzsrc-for:
63 schema:name Computer Software
64 rdf:type schema:DefinedTerm
65 sg:journal.1136228 schema:issn 1619-1366
66 1619-1374
67 schema:name Software & Systems Modeling
68 rdf:type schema:Periodical
69 sg:person.012627151205.68 schema:affiliation https://www.grid.ac/institutes/grid.412135.0
70 schema:familyName El-Attar
71 schema:givenName Mohamed
72 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.012627151205.68
73 rdf:type schema:Person
74 sg:pub.10.1007/11880240_22 schema:sameAs https://app.dimensions.ai/details/publication/pub.1023097979
75 https://doi.org/10.1007/11880240_22
76 rdf:type schema:CreativeWork
77 sg:pub.10.1007/978-3-540-39648-2_22 schema:sameAs https://app.dimensions.ai/details/publication/pub.1040227327
78 https://doi.org/10.1007/978-3-540-39648-2_22
79 rdf:type schema:CreativeWork
80 sg:pub.10.1007/978-3-540-73031-6_27 schema:sameAs https://app.dimensions.ai/details/publication/pub.1009975391
81 https://doi.org/10.1007/978-3-540-73031-6_27
82 rdf:type schema:CreativeWork
83 sg:pub.10.1007/978-3-642-34176-2_18 schema:sameAs https://app.dimensions.ai/details/publication/pub.1029556158
84 https://doi.org/10.1007/978-3-642-34176-2_18
85 rdf:type schema:CreativeWork
86 sg:pub.10.1007/s00766-004-0194-4 schema:sameAs https://app.dimensions.ai/details/publication/pub.1024451278
87 https://doi.org/10.1007/s00766-004-0194-4
88 rdf:type schema:CreativeWork
89 sg:pub.10.1007/s10515-007-0013-5 schema:sameAs https://app.dimensions.ai/details/publication/pub.1012828156
90 https://doi.org/10.1007/s10515-007-0013-5
91 rdf:type schema:CreativeWork
92 https://doi.org/10.1109/52.663783 schema:sameAs https://app.dimensions.ai/details/publication/pub.1061185827
93 rdf:type schema:CreativeWork
94 https://doi.org/10.1109/apsec.2003.1254403 schema:sameAs https://app.dimensions.ai/details/publication/pub.1093293927
95 rdf:type schema:CreativeWork
96 https://doi.org/10.1109/ecbs.2005.48 schema:sameAs https://app.dimensions.ai/details/publication/pub.1093322620
97 rdf:type schema:CreativeWork
98 https://doi.org/10.1109/icre.2002.1048506 schema:sameAs https://app.dimensions.ai/details/publication/pub.1093989195
99 rdf:type schema:CreativeWork
100 https://doi.org/10.1109/icre.2004.1335698 schema:sameAs https://app.dimensions.ai/details/publication/pub.1094287590
101 rdf:type schema:CreativeWork
102 https://doi.org/10.1109/re.2005.43 schema:sameAs https://app.dimensions.ai/details/publication/pub.1094942505
103 rdf:type schema:CreativeWork
104 https://doi.org/10.1109/scesm.2007.1 schema:sameAs https://app.dimensions.ai/details/publication/pub.1093479803
105 rdf:type schema:CreativeWork
106 https://doi.org/10.1145/1125808.1125810 schema:sameAs https://app.dimensions.ai/details/publication/pub.1046945756
107 rdf:type schema:CreativeWork
108 https://doi.org/10.1145/205350.205356 schema:sameAs https://app.dimensions.ai/details/publication/pub.1043566440
109 rdf:type schema:CreativeWork
110 https://www.grid.ac/institutes/grid.412135.0 schema:alternateName King Fahd University of Petroleum and Minerals
111 schema:name Information and Computer Science Department, King Fahd University of Petroleum and Minerals, P.O. Box 5066, 31261, Dhahran, Kingdom of Saudi Arabia
112 rdf:type schema:Organization