Modeling Security Threat Patterns to Derive Negative Scenarios

The elicitation of security requirements is crucial to developing secure, higher-quality business processes and information systems. Although several methods exist for eliciting security requirements, most of them do not provide sufficient support for identifying security threats. Because threats, like exceptional events, occur infrequently, it is much more difficult to determine potential threats exhaustively than to identify the normal behavior of a business process. To reduce this difficulty, accumulated knowledge of threats obtained from practical settings is necessary. In this paper, we present a technique that models knowledge of threats as patterns to derive the negative scenarios that realize threats, and that uses these patterns during business process modeling. The knowledge is extracted from Security Target documents, based on the international Common Criteria standard, and the patterns are described as transformation rules on sequence diagrams. In our approach, an analyst composes normal scenarios of a business process as sequence diagrams, and the threat patterns that match them derive negative scenarios. Our approach has been demonstrated on several examples to show its practical application.
