Defining security requirements through misuse actions
- Authors
- Fernández, Eduardo B.; Van Hilst, Michael; Larrondo Petrie, Maria M.; Huang, Shihong
- Publication year
- 2006
- Language
- English
- Resource type
- conference paper
- Status
- published version
- Description
- An important aspect of security requirements is the understanding and listing of the possible threats to the system. Only then can we decide what specific defense mechanisms to use. We show here an approach to list all threats by considering each action in each use case and analyzing how it can be subverted by an internal or external attacker. From this list we can deduce what policies are necessary to prevent or mitigate the threats. These policies can then be used as guidelines for design. The proposed method can include formal design notations for validation and verification.
1st International Workshop on Advanced Software Engineering: Expanding the Frontiers of Software Technology - Session 3: Software Development Process
Red de Universidades con Carreras en Informática (RedUNCI)
- Subject
- Computer Science
- Security
- Access level
- open access
- Terms of use
- http://creativecommons.org/licenses/by-nc-sa/2.5/ar/
- Repository
- Institution
- Universidad Nacional de La Plata
- OAI identifier
- oai:sedici.unlp.edu.ar:10915/24047
id | SEDICI_ed4896e43c5187e223dc1bbd9348993c |
---|---|
oai_identifier_str | oai:sedici.unlp.edu.ar:10915/24047 |
network_acronym_str | SEDICI |
repository_id_str | 1329 |
network_name_str | SEDICI (UNLP) |
dc.title.none.fl_str_mv | Defining security requirements through misuse actions |
title | Defining security requirements through misuse actions |
spellingShingle | Defining security requirements through misuse actions Fernández, Eduardo B. Ciencias Informáticas Security |
title_short | Defining security requirements through misuse actions |
title_full | Defining security requirements through misuse actions |
title_fullStr | Defining security requirements through misuse actions |
title_full_unstemmed | Defining security requirements through misuse actions |
title_sort | Defining security requirements through misuse actions |
dc.creator.none.fl_str_mv | Fernández, Eduardo B. Van Hilst, Michael Larrondo Petrie, Maria M. Huang, Shihong |
author | Fernández, Eduardo B. |
author_facet | Fernández, Eduardo B. Van Hilst, Michael Larrondo Petrie, Maria M. Huang, Shihong |
author_role | author |
author2 | Van Hilst, Michael Larrondo Petrie, Maria M. Huang, Shihong |
author2_role | author author author |
dc.subject.none.fl_str_mv | Ciencias Informáticas Security |
topic | Ciencias Informáticas Security |
dc.description.none.fl_txt_mv | An important aspect of security requirements is the understanding and listing of the possible threats to the system. Only then can we decide what specific defense mechanisms to use. We show here an approach to list all threats by considering each action in each use case and analyzing how it can be subverted by an internal or external attacker. From this list we can deduce what policies are necessary to prevent or mitigate the threats. These policies can then be used as guidelines for design. The proposed method can include formal design notations for validation and verification. 1st International Workshop on Advanced Software Engineering: Expanding the Frontiers of Software Technology - Session 3: Software Development Process Red de Universidades con Carreras en Informática (RedUNCI) |
description | An important aspect of security requirements is the understanding and listing of the possible threats to the system. Only then can we decide what specific defense mechanisms to use. We show here an approach to list all threats by considering each action in each use case and analyzing how it can be subverted by an internal or external attacker. From this list we can deduce what policies are necessary to prevent or mitigate the threats. These policies can then be used as guidelines for design. The proposed method can include formal design notations for validation and verification. |
publishDate | 2006 |
dc.date.none.fl_str_mv | 2006-08 |
dc.type.none.fl_str_mv | info:eu-repo/semantics/conferenceObject info:eu-repo/semantics/publishedVersion Objeto de conferencia http://purl.org/coar/resource_type/c_5794 info:ar-repo/semantics/documentoDeConferencia |
format | conferenceObject |
status_str | publishedVersion |
dc.identifier.none.fl_str_mv | http://sedici.unlp.edu.ar/handle/10915/24047 |
url | http://sedici.unlp.edu.ar/handle/10915/24047 |
dc.language.none.fl_str_mv | eng |
language | eng |
dc.relation.none.fl_str_mv | info:eu-repo/semantics/altIdentifier/isbn/0-387-34828-X |
dc.rights.none.fl_str_mv | info:eu-repo/semantics/openAccess http://creativecommons.org/licenses/by-nc-sa/2.5/ar/ Creative Commons Attribution-NonCommercial-ShareAlike 2.5 Argentina (CC BY-NC-SA 2.5) |
eu_rights_str_mv | openAccess |
rights_invalid_str_mv | http://creativecommons.org/licenses/by-nc-sa/2.5/ar/ Creative Commons Attribution-NonCommercial-ShareAlike 2.5 Argentina (CC BY-NC-SA 2.5) |
dc.format.none.fl_str_mv | application/pdf |
dc.source.none.fl_str_mv | reponame:SEDICI (UNLP) instname:Universidad Nacional de La Plata instacron:UNLP |
reponame_str | SEDICI (UNLP) |
collection | SEDICI (UNLP) |
instname_str | Universidad Nacional de La Plata |
instacron_str | UNLP |
institution | UNLP |
repository.name.fl_str_mv | SEDICI (UNLP) - Universidad Nacional de La Plata |
repository.mail.fl_str_mv | alira@sedici.unlp.edu.ar |
_version_ | 1844615816626044928 |
score | 13.070432 |