Defining security requirements through misuse actions
An important aspect of security requirements is the understanding and listing of the possible threats to the system. Only then can we decide what specific defense mechanisms to use. We show here an approach to list all threats by considering each action in each use case and analyzing how it can be s...
Guardado en:
Autores principales: | , , , |
---|---|
Formato: | Objeto de conferencia |
Lenguaje: | Inglés |
Publicado: |
2006
|
Materias: | |
Acceso en línea: | http://sedici.unlp.edu.ar/handle/10915/24047 |
Aporte de: |
id |
I19-R120-10915-24047 |
---|---|
record_format |
dspace |
institution |
Universidad Nacional de La Plata |
institution_str |
I-19 |
repository_str |
R-120 |
collection |
SEDICI (UNLP) |
language |
Inglés |
topic |
Ciencias Informáticas Security |
spellingShingle |
Ciencias Informáticas Security Fernández, Eduardo B. Van Hilst, Michael Larrondo Petrie, Maria M. Huang, Shihong Defining security requirements through misuse actions |
topic_facet |
Ciencias Informáticas Security |
description |
An important aspect of security requirements is the understanding and listing of the possible threats to the system. Only then can we decide what specific defense mechanisms to use. We show here an approach to list all threats by considering each action in each use case and analyzing how it can be subverted by an internal or external attacker. From this list we can deduce what policies are necessary to prevent or mitigate the threats. These policies can then be used as guidelines for design. The proposed method can include formal design notations for validation and verification. |
format |
Objeto de conferencia Objeto de conferencia |
author |
Fernández, Eduardo B. Van Hilst, Michael Larrondo Petrie, Maria M. Huang, Shihong |
author_facet |
Fernández, Eduardo B. Van Hilst, Michael Larrondo Petrie, Maria M. Huang, Shihong |
author_sort |
Fernández, Eduardo B. |
title |
Defining security requirements through misuse actions |
title_short |
Defining security requirements through misuse actions |
title_full |
Defining security requirements through misuse actions |
title_fullStr |
Defining security requirements through misuse actions |
title_full_unstemmed |
Defining security requirements through misuse actions |
title_sort |
defining security requirements through misuse actions |
publishDate |
2006 |
url |
http://sedici.unlp.edu.ar/handle/10915/24047 |
work_keys_str_mv |
AT fernandezeduardob definingsecurityrequirementsthroughmisuseactions AT vanhilstmichael definingsecurityrequirementsthroughmisuseactions AT larrondopetriemariam definingsecurityrequirementsthroughmisuseactions AT huangshihong definingsecurityrequirementsthroughmisuseactions |
bdutipo_str |
Repositorios |
_version_ |
1764820466527109120 |