Defining security requirements through misuse actions

An important aspect of security requirements is the understanding and listing of the possible threats to the system. Only then can we decide what specific defense mechanisms to use. We show here an approach to list all threats by considering each action in each use case and analyzing how it can be s...

Descripción completa

Guardado en:

Detalles Bibliográficos
Autores principales:	Fernández, Eduardo B., Van Hilst, Michael, Larrondo Petrie, Maria M., Huang, Shihong
Formato:	Objeto de conferencia
Lenguaje:	Inglés
Publicado:	2006
Materias:	Ciencias Informáticas Security
Acceso en línea:	http://sedici.unlp.edu.ar/handle/10915/24047
Aporte de:	SEDICI (UNLP) de Universidad Nacional de La Plata

id	I19-R120-10915-24047
record_format	dspace
institution	Universidad Nacional de La Plata
institution_str	I-19
repository_str	R-120
collection	SEDICI (UNLP)
language	Inglés
topic	Ciencias Informáticas Security
spellingShingle	Ciencias Informáticas Security Fernández, Eduardo B. Van Hilst, Michael Larrondo Petrie, Maria M. Huang, Shihong Defining security requirements through misuse actions
topic_facet	Ciencias Informáticas Security
description	An important aspect of security requirements is the understanding and listing of the possible threats to the system. Only then can we decide what specific defense mechanisms to use. We show here an approach to list all threats by considering each action in each use case and analyzing how it can be subverted by an internal or external attacker. From this list we can deduce what policies are necessary to prevent or mitigate the threats. These policies can then be used as guidelines for design. The proposed method can include formal design notations for validation and verification.
format	Objeto de conferencia Objeto de conferencia
author	Fernández, Eduardo B. Van Hilst, Michael Larrondo Petrie, Maria M. Huang, Shihong
author_facet	Fernández, Eduardo B. Van Hilst, Michael Larrondo Petrie, Maria M. Huang, Shihong
author_sort	Fernández, Eduardo B.
title	Defining security requirements through misuse actions
title_short	Defining security requirements through misuse actions
title_full	Defining security requirements through misuse actions
title_fullStr	Defining security requirements through misuse actions
title_full_unstemmed	Defining security requirements through misuse actions
title_sort	defining security requirements through misuse actions
publishDate	2006
url	http://sedici.unlp.edu.ar/handle/10915/24047
work_keys_str_mv	AT fernandezeduardob definingsecurityrequirementsthroughmisuseactions AT vanhilstmichael definingsecurityrequirementsthroughmisuseactions AT larrondopetriemariam definingsecurityrequirementsthroughmisuseactions AT huangshihong definingsecurityrequirementsthroughmisuseactions
bdutipo_str	Repositorios
_version_	1764820466527109120

Defining security requirements through misuse actions

Ejemplares similares