Visualizing Cyber Attacks with Misuse Case Maps

[Context and motivation] In the development of secure software, work on requirements and on architecture needs to be closely intertwined, because possible threats and the chosen architecture depend on each other. [Question/problem] Nevertheless, most security requirement techniques do not take architecture into account. The transition from security requirements to secure architectures is left to security experts and software developers, excluding domain experts and other groups of stakeholders from discussions of threats, vulnerabilities and mitigations in an architectural context. [Principal idea/results] The paper introduces misuse case maps, a new modelling technique that is the anti-behavioural complement to use case maps. The purpose of the new technique is to visualize how cyber attacks are performed in an architectural context. [Contribution] The paper investigates what a misuse case map notation might look like. A preliminary evaluation suggests that misuse case maps may indeed make it easier for less experienced stakeholders to gain an understanding of multi-stage intrusion scenarios.
