Trade-off Analysis of Misuse Case-based Secure Software Architectures: A Case Study

Joshua J. Pauli, Dianxiang Xu

Abstract

Based on the threat-driven architectural design of secure information systems, this paper introduces an approach for the tradeoff analysis of secure software architectures in order to determine the effects of security requirements on the system. We use a case study on a payroll information system (PIS) to show the approach from misuse case identification through the architecture tradeoff analysis. In the case study, we discuss how to make tradeoff between security and availability with respect to the number of servers present.

References

  1. Alexander, I. Initial industrial experience of misuse cases. In Proc. of IEEE Joint International Requirements Engineering Conference, (2002) pp. 61-68
  2. Alexander, I. Misuse cases: Use cases with hostile intent. IEEE Software, (2003) pp. 58-66
  3. Barbacci, M., Carriere, J., Kazman, R., Klein, M., Lipson, H., Longstaff, T., and Weinstock, C. Steps Toward an architecture trade-off analysis method: Quality attribute models and analysis. CMU/SEI-97-TR-29, (1997)
  4. Firesmith, D. Security use cases. Journal of Object Technology, (2003)Vol. 2, No. 3, 53-64.
  5. Hoglund, G. and McGraw, G. Exploiting software: How to break code. Addison-Wesley. (2004)
  6. Howard, M. and LeBlanc, D. Writing secure code. Microsoft Press. 2nd edition, (2003)
  7. Jacobson, I., Christerson, M., Jonsson, P., and Overgaard, G. Object-Oriented SoftwareEngineering: A Use Case Driven Approach. Addison-Wesley, (1994)
  8. Kantorowitz, E., Lyakas, A., and Myasqobsky, A. Use case-oriented software architecture. CMC03 (2003)
  9. Kazman, R., Abowd, G., Bass, L., and Clements, P. Scenario-based analysis of software architecture. IEEE Software. pp.47-55, (1996)
  10. Kazman, R., Klein, M., Barbacci, M., Longstaff, T., Lipson, H., and Carriere, J. The architecture tradeoff analysis method. In Proc. of the 4th International Conference on Engineering of Complex Computer Systems (ICECCS98), (1998)
  11. McDermott, J. and Fox, C. Using abuse case models for security requirements analysis. In Proc. of the 15th Annual Computer Security Application Conference, pp. 55-66, (1999)
  12. Pauli, J., and Xu, D., Threat-driven architectural design of secure information systems. In Proc. of ICEIS'05. Miami, May 2005. To appear.
  13. Ruhe, G. and Eberlein, A. Trade-off analysis for requirements selection. International Journal of Software Engineering and Knowledge Engineering, Vol. 13, No. 4 (2003) 345- 366.
  14. Sindre, G. and Opdahl, A.L. Eliciting security requirements by misuse cases. In Proc. of TOOLS Pacific 2000, pp. 120-131, (2001)
  15. Swiderski, F. and Snyder, W. Threat Modeling. Microsoft Press. (2004)
Download


Paper Citation


in Harvard Style

J. Pauli J. and Xu D. (2005). Trade-off Analysis of Misuse Case-based Secure Software Architectures: A Case Study . In Proceedings of the 3rd International Workshop on Modelling, Simulation, Verification and Validation of Enterprise Information Systems - Volume 1: MSVVEIS, (ICEIS 2005) ISBN 972-8865-22-8, pages 89-95. DOI: 10.5220/0002560100890095


in Bibtex Style

@conference{msvveis05,
author={Joshua J. Pauli and Dianxiang Xu},
title={Trade-off Analysis of Misuse Case-based Secure Software Architectures: A Case Study},
booktitle={Proceedings of the 3rd International Workshop on Modelling, Simulation, Verification and Validation of Enterprise Information Systems - Volume 1: MSVVEIS, (ICEIS 2005)},
year={2005},
pages={89-95},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002560100890095},
isbn={972-8865-22-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 3rd International Workshop on Modelling, Simulation, Verification and Validation of Enterprise Information Systems - Volume 1: MSVVEIS, (ICEIS 2005)
TI - Trade-off Analysis of Misuse Case-based Secure Software Architectures: A Case Study
SN - 972-8865-22-8
AU - J. Pauli J.
AU - Xu D.
PY - 2005
SP - 89
EP - 95
DO - 10.5220/0002560100890095