loading
Papers

Research.Publish.Connect.

Paper

Paper Unlock

Authors: Peter Karpati 1 ; Guttorm Sindre 1 and Andreas L. Opdahl 2

Affiliations: 1 Norwegian University of Science and Technology, Norway ; 2 University of Bergen, Norway

ISBN: 978-989-8425-23-2

Keyword(s): Intrusion analysis, Security requirements, Misuse case, Attack tree, Attack pattern.

Related Ontology Subjects/Areas/Topics: Cross-Feeding between Data and Software Engineering ; Model-Driven Engineering ; Requirements Elicitation and Specification ; Software Engineering ; Software Engineering Methods and Techniques ; Software Testing and Maintenance

Abstract: Security must be addressed at an early stage of information systems development, and one must learn from previous hacker attacks to avoid similar exploits in the future. Many security threats are hard to understand for stakeholders with a less technical background. To address this issue, we present a five-step method that represents hacker intrusions diagrammatically. It lifts specific intrusions to a more general level of modelling and distils them into threats that should be avoided by a new or modified IS design. It allows involving different stakeholder groups in the process, including non-technical people who prefer simple, informal representations. For this purpose, the method combines five different representation techniques that together provide an integrated view of security attacks and system architecture. The method is illustrated with a real intrusion from the literature, and its representation techniques are tied together as a set of extensions of the UML metamodel.

PDF ImageFull Text

Download
CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 35.172.195.49

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Karpati P.; Sindre G.; Opdahl A. and (2010). TOWARDS A HACKER ATTACK REPRESENTATION METHOD.In Proceedings of the 5th International Conference on Software and Data Technologies - Volume 2: ICSOFT, ISBN 978-989-8425-23-2, pages 92-101. DOI: 10.5220/0003010000920101

@conference{icsoft10,
author={Peter Karpati and Guttorm Sindre and Andreas L. Opdahl},
title={TOWARDS A HACKER ATTACK REPRESENTATION METHOD},
booktitle={Proceedings of the 5th International Conference on Software and Data Technologies - Volume 2: ICSOFT,},
year={2010},
pages={92-101},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003010000920101},
isbn={978-989-8425-23-2},
}

TY - CONF

JO - Proceedings of the 5th International Conference on Software and Data Technologies - Volume 2: ICSOFT,
TI - TOWARDS A HACKER ATTACK REPRESENTATION METHOD
SN - 978-989-8425-23-2
AU - Karpati, P.
AU - Sindre, G.
AU - Opdahl, A.
PY - 2010
SP - 92
EP - 101
DO - 10.5220/0003010000920101

Login or register to post comments.

Comments on this Paper: Be the first to review this paper.