Threat modeling for security failure-tolerant requirements

Michael Shin; Swetha Dorbala; Dongsoo Jang

doi:10.1109/SocialCom.2013.89

Threat modeling for security failure-tolerant requirements

Michael Shin, Swetha Dorbala, Dongsoo Jang

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

4 Scopus citations

Abstract

This paper describes an approach to modeling security threats to applications and to deriving security failure-tolerant requirements from the threats. This paper assumes that unbreakable core security services for applications, such as authentication, access control, cryptosystem, or digital signature, are broken all the time in a real-world setting. The UML use case model for application requirements is analyzed to model security threats to the system in terms of threat points at which each threat is described using a structured template. This paper also derives security failure-tolerant requirements from the threats at threat points, and the requirements are modeled by means of security failure-tolerant use cases separately from application use cases in the use case model. A security failure-tolerant use case is extended from an application use case at a security point. The Internet banking application is used to illustrate the proposed approach.

Original language	English
Title of host publication	Proceedings - SocialCom/PASSAT/BigData/EconCom/BioMedCom 2013
Pages	594-599
Number of pages	6
DOIs	https://doi.org/10.1109/SocialCom.2013.89
State	Published - 2013
Event	2013 ASE/IEEE Int. Conf. on Social Computing, SocialCom 2013, the 2013 ASE/IEEE Int. Conf. on Big Data, BigData 2013, the 2013 Int. Conf. on Economic Computing, EconCom 2013, the 2013 PASSAT 2013, and the 2013 ASE/IEEE Int. Conf. on BioMedCom 2013 - Washington, DC, United States Duration: Sep 8 2013 → Sep 14 2013

Publication series

Name	Proceedings - SocialCom/PASSAT/BigData/EconCom/BioMedCom 2013

Conference

Conference	2013 ASE/IEEE Int. Conf. on Social Computing, SocialCom 2013, the 2013 ASE/IEEE Int. Conf. on Big Data, BigData 2013, the 2013 Int. Conf. on Economic Computing, EconCom 2013, the 2013 PASSAT 2013, and the 2013 ASE/IEEE Int. Conf. on BioMedCom 2013
Country/Territory	United States
City	Washington, DC
Period	09/8/13 → 09/14/13

Keywords

Security failure-tolerant requirements
Security point
Threat modeling
Threat point
Use case model

Access to Document

10.1109/SocialCom.2013.89

Cite this

@inproceedings{d2257c79da00475eafe50243a1a60eac,

title = "Threat modeling for security failure-tolerant requirements",

abstract = "This paper describes an approach to modeling security threats to applications and to deriving security failure-tolerant requirements from the threats. This paper assumes that unbreakable core security services for applications, such as authentication, access control, cryptosystem, or digital signature, are broken all the time in a real-world setting. The UML use case model for application requirements is analyzed to model security threats to the system in terms of threat points at which each threat is described using a structured template. This paper also derives security failure-tolerant requirements from the threats at threat points, and the requirements are modeled by means of security failure-tolerant use cases separately from application use cases in the use case model. A security failure-tolerant use case is extended from an application use case at a security point. The Internet banking application is used to illustrate the proposed approach.",

keywords = "Security failure-tolerant requirements, Security point, Threat modeling, Threat point, Use case model",

author = "Michael Shin and Swetha Dorbala and Dongsoo Jang",

year = "2013",

doi = "10.1109/SocialCom.2013.89",

language = "English",

isbn = "9780769551371",

series = "Proceedings - SocialCom/PASSAT/BigData/EconCom/BioMedCom 2013",

pages = "594--599",

booktitle = "Proceedings - SocialCom/PASSAT/BigData/EconCom/BioMedCom 2013",

note = "2013 ASE/IEEE Int. Conf. on Social Computing, SocialCom 2013, the 2013 ASE/IEEE Int. Conf. on Big Data, BigData 2013, the 2013 Int. Conf. on Economic Computing, EconCom 2013, the 2013 PASSAT 2013, and the 2013 ASE/IEEE Int. Conf. on BioMedCom 2013 ; Conference date: 08-09-2013 Through 14-09-2013",

}

Shin, M, Dorbala, S & Jang, D 2013, Threat modeling for security failure-tolerant requirements. in Proceedings - SocialCom/PASSAT/BigData/EconCom/BioMedCom 2013., 6693386, Proceedings - SocialCom/PASSAT/BigData/EconCom/BioMedCom 2013, pp. 594-599, 2013 ASE/IEEE Int. Conf. on Social Computing, SocialCom 2013, the 2013 ASE/IEEE Int. Conf. on Big Data, BigData 2013, the 2013 Int. Conf. on Economic Computing, EconCom 2013, the 2013 PASSAT 2013, and the 2013 ASE/IEEE Int. Conf. on BioMedCom 2013, Washington, DC, United States, 09/8/13. https://doi.org/10.1109/SocialCom.2013.89

TY - GEN

T1 - Threat modeling for security failure-tolerant requirements

AU - Shin, Michael

AU - Dorbala, Swetha

AU - Jang, Dongsoo

PY - 2013

Y1 - 2013

N2 - This paper describes an approach to modeling security threats to applications and to deriving security failure-tolerant requirements from the threats. This paper assumes that unbreakable core security services for applications, such as authentication, access control, cryptosystem, or digital signature, are broken all the time in a real-world setting. The UML use case model for application requirements is analyzed to model security threats to the system in terms of threat points at which each threat is described using a structured template. This paper also derives security failure-tolerant requirements from the threats at threat points, and the requirements are modeled by means of security failure-tolerant use cases separately from application use cases in the use case model. A security failure-tolerant use case is extended from an application use case at a security point. The Internet banking application is used to illustrate the proposed approach.

AB - This paper describes an approach to modeling security threats to applications and to deriving security failure-tolerant requirements from the threats. This paper assumes that unbreakable core security services for applications, such as authentication, access control, cryptosystem, or digital signature, are broken all the time in a real-world setting. The UML use case model for application requirements is analyzed to model security threats to the system in terms of threat points at which each threat is described using a structured template. This paper also derives security failure-tolerant requirements from the threats at threat points, and the requirements are modeled by means of security failure-tolerant use cases separately from application use cases in the use case model. A security failure-tolerant use case is extended from an application use case at a security point. The Internet banking application is used to illustrate the proposed approach.

KW - Security failure-tolerant requirements

KW - Security point

KW - Threat modeling

KW - Threat point

KW - Use case model

UR - http://www.scopus.com/inward/record.url?scp=84893590212&partnerID=8YFLogxK

U2 - 10.1109/SocialCom.2013.89

DO - 10.1109/SocialCom.2013.89

M3 - Conference contribution

AN - SCOPUS:84893590212

SN - 9780769551371

T3 - Proceedings - SocialCom/PASSAT/BigData/EconCom/BioMedCom 2013

SP - 594

EP - 599

BT - Proceedings - SocialCom/PASSAT/BigData/EconCom/BioMedCom 2013

T2 - 2013 ASE/IEEE Int. Conf. on Social Computing, SocialCom 2013, the 2013 ASE/IEEE Int. Conf. on Big Data, BigData 2013, the 2013 Int. Conf. on Economic Computing, EconCom 2013, the 2013 PASSAT 2013, and the 2013 ASE/IEEE Int. Conf. on BioMedCom 2013

Y2 - 8 September 2013 through 14 September 2013

ER -

Threat modeling for security failure-tolerant requirements

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this