{"title":"Improving Quality in Misuse Case Models: A Risk-Based Approach","authors":"M. El-Attar, Irfan Ahmad","doi":"10.1109/ICIS.2011.59","DOIUrl":null,"url":null,"abstract":"Security is a crucial requirement for many software systems. Misuse case modeling is a technique that allows system designers to inject security considerations within their designs early in the development cycle. This is potentially a much more effective approach to ensuring security than patching an end system with security mechanisms after it was developed. While the notation and syntactical rules of misuse case models are relatively simple, developing high quality misuse case models is not a straightforward task. Modeling practitioners are highly vulnerable to modeling mistakes, creating defective misuse case models that can lead to the development of insecure systems. In this paper, an approach based on antipatterns that attempts to repair defective misuse case models is presented. The misuse case model of an Online Phone Accessories Store subsystem is presented to demonstrate the feasibility of the approach. The results show that applying the technique has improved the overall quality of the misuse case model.","PeriodicalId":256762,"journal":{"name":"2011 10th IEEE/ACIS International Conference on Computer and Information Science","volume":"2016 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-05-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 10th IEEE/ACIS International Conference on Computer and Information Science","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICIS.2011.59","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 4
Abstract
Security is a crucial requirement for many software systems. Misuse case modeling is a technique that allows system designers to inject security considerations within their designs early in the development cycle. This is potentially a much more effective approach to ensuring security than patching an end system with security mechanisms after it was developed. While the notation and syntactical rules of misuse case models are relatively simple, developing high quality misuse case models is not a straightforward task. Modeling practitioners are highly vulnerable to modeling mistakes, creating defective misuse case models that can lead to the development of insecure systems. In this paper, an approach based on antipatterns that attempts to repair defective misuse case models is presented. The misuse case model of an Online Phone Accessories Store subsystem is presented to demonstrate the feasibility of the approach. The results show that applying the technique has improved the overall quality of the misuse case model.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
