An Integration of Threat Modeling with Attack Pattern and Misuse Case for Effective Security Requirement Elicitation
Main Article Content
Abstract
Today’s security is becoming a brainstorming issue due to inventive attacks. To elicit effective security requirement to the system, software developers need to think like an attacker. This paper considers three effective security requirement elicitation techniques, Threat modelling, Misuse case and Attack pattern. Threat Modeling is a technique to prevent the system from any undesired event by modeling all the information which has the potential to harm the system. It is a process for eliciting security requirement by identifying harmful threats to the system. Misuse case represents negative use cases to model threats and mis-actors to represent attackers. Misuse cases are capable of modeling threat and risk analysis process. Attack Pattern works as a method to identify the attacker’s perspective. Specifically, Threat modelling, Attack pattern and Misuse case are compared on the basis of some parameters. The comparative analysis provides some merits and demerits of these techniques. This paper investigates how misuse cases enhance the performance of threat modeling. This paper also describes an effective way for security requirement elicitation by integrating threat modeling with attack pattern and misuse cases.
Keywords: Threat Modeling; Misuse Case; Attack Patterns; Secure software development; Security Requirement Elicitation
Keywords: Threat Modeling; Misuse Case; Attack Patterns; Secure software development; Security Requirement Elicitation
Downloads
Download data is not yet available.
Article Details
Section
Articles
COPYRIGHT
Submission of a manuscript implies: that the work described has not been published before, that it is not under consideration for publication elsewhere; that if and when the manuscript is accepted for publication, the authors agree to automatic transfer of the copyright to the publisher.
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work
- The journal allows the author(s) to retain publishing rights without restrictions.
- The journal allows the author(s) to hold the copyright without restrictions.