Threat modeling for security failure-tolerant requirements

Michael Shin, Swetha Dorbala, Dongsoo Jang

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Scopus citations

Abstract

This paper describes an approach to modeling security threats to applications and to deriving security failure-tolerant requirements from the threats. This paper assumes that unbreakable core security services for applications, such as authentication, access control, cryptosystem, or digital signature, are broken all the time in a real-world setting. The UML use case model for application requirements is analyzed to model security threats to the system in terms of threat points at which each threat is described using a structured template. This paper also derives security failure-tolerant requirements from the threats at threat points, and the requirements are modeled by means of security failure-tolerant use cases separately from application use cases in the use case model. A security failure-tolerant use case is extended from an application use case at a security point. The Internet banking application is used to illustrate the proposed approach.

Original languageEnglish
Title of host publicationProceedings - SocialCom/PASSAT/BigData/EconCom/BioMedCom 2013
Pages594-599
Number of pages6
DOIs
StatePublished - 2013
Event2013 ASE/IEEE Int. Conf. on Social Computing, SocialCom 2013, the 2013 ASE/IEEE Int. Conf. on Big Data, BigData 2013, the 2013 Int. Conf. on Economic Computing, EconCom 2013, the 2013 PASSAT 2013, and the 2013 ASE/IEEE Int. Conf. on BioMedCom 2013 - Washington, DC, United States
Duration: Sep 8 2013Sep 14 2013

Publication series

NameProceedings - SocialCom/PASSAT/BigData/EconCom/BioMedCom 2013

Conference

Conference2013 ASE/IEEE Int. Conf. on Social Computing, SocialCom 2013, the 2013 ASE/IEEE Int. Conf. on Big Data, BigData 2013, the 2013 Int. Conf. on Economic Computing, EconCom 2013, the 2013 PASSAT 2013, and the 2013 ASE/IEEE Int. Conf. on BioMedCom 2013
CountryUnited States
CityWashington, DC
Period09/8/1309/14/13

Keywords

  • Security failure-tolerant requirements
  • Security point
  • Threat modeling
  • Threat point
  • Use case model

Fingerprint Dive into the research topics of 'Threat modeling for security failure-tolerant requirements'. Together they form a unique fingerprint.

Cite this