Experimental Comparison of Misuse Case Maps with Misuse Cases and System Architecture Diagrams for Eliciting Security Vulnerabilities and Mitigations

The idea of security-aware system development from the start of the engineering process is now generally accepted and is increasingly applied in practice. Many recent initiatives support this idea, with a special focus on security requirements elicitation. However, there are so far no techniques that provide integrated overviews of security threats and system architecture. One way to achieve such an overview is to combine misuse cases with use case maps into misuse case maps (MUCM). This paper presents an experimental evaluation of MUCM diagrams, focusing on the identification of vulnerabilities and mitigations. The controlled experiment with 33 IT students used a complex hacker intrusion from the literature, illustrated either with MUCM or with alternative diagrams. The results suggest that participants using MUCM found significantly more mitigations than participants using regular misuse cases combined with system architecture diagrams.
