Experimental Comparison of Misuse Case Maps with Misuse Cases and System Architecture Diagrams for Eliciting Security Vulnerabilities and Mitigations

机译：滥用案例图与滥用案例和系统架构图的实验性比较，以消除安全漏洞和缓解措施

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

The idea of security aware system development from the start of the engineering process is generally accepted nowadays and is becoming applied in practice. Many recent initiatives support this idea with special focus on security requirements elicitation. However, there are so far no techniques that provide integrated overviews of security threats and system architecture. One way to achieve this is by combining misuse cases with use case maps into misuse case maps (MUCM). This paper presents an experimental evaluation of MUCM diagrams focusing on identification of vulnerabilities and mitigations. The controlled experiment with 33 IT students included a complex hacker intrusion from the literature, illustrated either with MUCM or with alternative diagrams. The results suggest that participants using MUCM found significantly more mitigations than participants using regular misuse cases combined with system architecture diagrams.

机译：从工程过程开始就开发具有安全意识的系统的想法如今已广为接受，并在实践中得到应用。最近的许多计划都特别关注安全性需求的获取，从而支持了这一想法。但是，到目前为止，还没有任何技术可以提供有关安全威胁和系统体系结构的综合概述。实现此目的的一种方法是将滥用案例和使用案例图组合成滥用案例图（MUCM）。本文介绍了MUCM图的实验评估，重点是确定漏洞和缓解措施。这项针对33名IT专业学生的受控实验包括来自文献的复杂黑客入侵，可用MUCM或其他示意图进行说明。结果表明，使用MUCM的参与者发现的缓解措施比使用常规滥用案例并结合系统架构图的参与者显着多。

著录项

来源
《2011 Sixth International Conference on Availability, Reliability and Security》|2011年|p.507-514|共8页
会议地点
作者
Karpati Peter; Opdahl Andreas L.; Sindre Guttorm;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类安全保密;
关键词
architectural view; controlled experiment; intrusion analysis; misuse case maps; misuse cases; security requirements;

机译：体系结构视图;受控实验;入侵分析;滥用案例图;滥用案例;安全要求;

相似文献

外文文献
中文文献
专利

1. Investigating security threats in architectural context: Experimental evaluations of misuse case maps [J] . Peter Karpati, Andreas L. Opdahl, Guttorm Sindre The Journal of Systems and Software . 2015,第juna期

机译：在体系结构环境中调查安全威胁：滥用案例图的实验评估
2. Data Security: The Misuse of Technology and Points of Vulnerability in Everyday Information Systems [J] . International Journal of Digital Literacy and Digital Competence . 2019,第4期

机译：数据安全：日常信息系统中的技术滥用和漏洞点
3. Tough on data misuse, tough on the causes of data misuse: A review of New Labour's approach to information security and regulating the misuse of digital information (1997-2010) [J] . Jonathan Bishop International Review of Law Computers & Technology . 2010,第3期

机译：严厉处理数据滥用问题，坚决处理数据滥用原因：New Labour的信息安全方法和对数字信息滥用的规范（1997-2010年）
4. Experimental Comparison of Misuse Case Maps with Misuse Cases and System Architecture Diagrams for Eliciting Security Vulnerabilities and Mitigations [C] . Karpati Peter, Opdahl Andreas L., Sindre Guttorm International Conference on Avilability, Reliability and Security . 2011

机译：误用案例映射的实验比较滥用案例和系统架构图，以引发安全漏洞和减轻
5. Security countermeasures and their impact on information systems misuse: A deterrence perspective. [D] . D'Arcy, John P. 2005

机译：安全对策及其对信息系统滥用的影响：威慑观点。
6. Difficult behaviour in drug-misusing and non-drug-misusing patients in general practice--a comparison. [O] . J Thompson 2001

机译：一般情况下滥用药物和非滥用药物患者的行为困难-比较。
7. Safety Hazard Identification by Misuse Cases: Experimental Comparison of Text and Diagrams [O] . Tor Stålhane, Guttorm Sindre 2012

机译：误用情况下的安全隐患识别：文本和图表的实验比较
8. Common Misuse Scoring System (CMSS): Metrics for Software Feature Misuse Vulnerabilities. [R] . LeMay, E., Scarfone, K., Mell, P. 2012

机译：常见滥用评分系统（Cmss）：软件功能滥用漏洞的度量标准。

Experimental Comparison of Misuse Case Maps with Misuse Cases and System Architecture Diagrams for Eliciting Security Vulnerabilities and Mitigations

摘要

著录项

相似文献

相关主题

期刊订阅