John Neil Ruck (2009) Applying Misuse Case to Improve the Security of Information Systems.
Full text access: Open
In the Information Security Profession we are losing the Battle. Today’s Information Systems are, perversely, more secure than Tomorrow’s. The only way we can reverse this trend is by securing Information Systems smarter and faster than we do today. This dissertation explores Information Systems and how they are developed, with the aim of incorporating Security in the early stages of their development using a technique called ‘Misuse Cases’.

Misuse Cases capture how an Information System can be used in a way that it is not supposed to, either deliberately (an attack) or accidentally (a mistake). It is true to say that Information Systems are misused by Human beings. Humans may use machines as a proxy from which to commit their misuses, but ultimately the security profession is at the mercy of human creativity (and stupidity). Misuse Cases provide us with a way to reason about how a System might be misused at an early stage in its development. We can use this information to incorporate countermeasures into the System’s Requirements (in the form of security requirements).

We apply Four Techniques based on Misuse Cases to a hypothetical Case Study, an IT Contractor Management System, to achieve the following:
• Identify potential top-level Misuses;
• Use Misuse Cases to Elicit Security Requirements;
• Propose a way to develop Tests to verify that Security Requirements have been met.

In applying the Techniques we recognise their benefits and limitations and, where appropriate, propose some enhancements.
This is a Published version. This version's date is: 16/02/2009. This item is peer reviewed.
https://repository.royalholloway.ac.uk/items/0e66218b-5c48-6a64-9e32-e7df486d7691/1/
Deposited by () on 24-Jun-2010 in Royal Holloway Research Online. Last modified on 15-Dec-2010.