THREAT-DRIVEN ARCHITECTURAL DESIGN OF SECURE INFORMATION SYSTEMS

Joshua Pauli, Dianxiang Xu

2005

Abstract

To deal with software security issues in the early stages of system development, this paper presents a threat-driven approach to the architectural design and analysis of secure information systems. In this approach, we model security threats to systems with misuse cases and mitigation requirements with mitigation use cases at the requirements analysis phase. Then we drive system architecture design (including the identification of architectural components and their connections) by use cases, misuse cases, and mitigation use cases. According to the misuse case-based threat model, we analyze whether or not a candidate architecture is resistant to the identified security threats and what constraints must be imposed on the choices of system implementation. This provides a smooth transition from requirements specification to high-level design and greatly improves the traceability of security concerns in high assurance information systems. We demonstrate our approach through a case study on a security-intensive payroll information system.

Paper Citation


in Harvard Style

Pauli J. and Xu D. (2005). THREAT-DRIVEN ARCHITECTURAL DESIGN OF SECURE INFORMATION SYSTEMS. In Proceedings of the Seventh International Conference on Enterprise Information Systems - Volume 3: ICEIS, ISBN 972-8865-19-8, pages 136-143. DOI: 10.5220/0002549501360143


in Bibtex Style

@conference{iceis05,
author={Joshua Pauli and Dianxiang Xu},
title={THREAT-DRIVEN ARCHITECTURAL DESIGN OF SECURE INFORMATION SYSTEMS},
booktitle={Proceedings of the Seventh International Conference on Enterprise Information Systems - Volume 3: ICEIS},
year={2005},
pages={136-143},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002549501360143},
isbn={972-8865-19-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Seventh International Conference on Enterprise Information Systems - Volume 3: ICEIS
TI - THREAT-DRIVEN ARCHITECTURAL DESIGN OF SECURE INFORMATION SYSTEMS
SN - 972-8865-19-8
AU - Pauli J.
AU - Xu D.
PY - 2005
SP - 136
EP - 143
DO - 10.5220/0002549501360143