提高误用案例模型的质量:基于风险的方法

2011 10th IEEE/ACIS International Conference on Computer and Information Science Pub Date : 2011-05-16 DOI:10.1109/ICIS.2011.59

M. El-Attar, Irfan Ahmad

{"title":"提高误用案例模型的质量:基于风险的方法","authors":"M. El-Attar, Irfan Ahmad","doi":"10.1109/ICIS.2011.59","DOIUrl":null,"url":null,"abstract":"Security is a crucial requirement for many software systems. Misuse case modeling is a technique that allows system designers to inject security considerations within their designs early in the development cycle. This is potentially a much more effective approach to ensuring security than patching an end system with security mechanisms after it was developed. While the notation and syntactical rules of misuse case models are relatively simple, developing high quality misuse case models is not a straightforward task. Modeling practitioners are highly vulnerable to modeling mistakes, creating defective misuse case models that can lead to the development of insecure systems. In this paper, an approach based on antipatterns that attempts to repair defective misuse case models is presented. The misuse case model of an Online Phone Accessories Store subsystem is presented to demonstrate the feasibility of the approach. The results show that applying the technique has improved the overall quality of the misuse case model.","PeriodicalId":256762,"journal":{"name":"2011 10th IEEE/ACIS International Conference on Computer and Information Science","volume":"2016 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-05-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Improving Quality in Misuse Case Models: A Risk-Based Approach\",\"authors\":\"M. El-Attar, Irfan Ahmad\",\"doi\":\"10.1109/ICIS.2011.59\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Security is a crucial requirement for many software systems. Misuse case modeling is a technique that allows system designers to inject security considerations within their designs early in the development cycle. This is potentially a much more effective approach to ensuring security than patching an end system with security mechanisms after it was developed. While the notation and syntactical rules of misuse case models are relatively simple, developing high quality misuse case models is not a straightforward task. Modeling practitioners are highly vulnerable to modeling mistakes, creating defective misuse case models that can lead to the development of insecure systems. In this paper, an approach based on antipatterns that attempts to repair defective misuse case models is presented. The misuse case model of an Online Phone Accessories Store subsystem is presented to demonstrate the feasibility of the approach. The results show that applying the technique has improved the overall quality of the misuse case model.\",\"PeriodicalId\":256762,\"journal\":{\"name\":\"2011 10th IEEE/ACIS International Conference on Computer and Information Science\",\"volume\":\"2016 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-05-16\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2011 10th IEEE/ACIS International Conference on Computer and Information Science\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICIS.2011.59\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 10th IEEE/ACIS International Conference on Computer and Information Science","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICIS.2011.59","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

摘要

安全性是许多软件系统的关键需求。误用案例建模是一种技术，它允许系统设计人员在开发周期的早期将安全性考虑因素注入到他们的设计中。这可能是确保安全性的一种更有效的方法，而不是在开发后用安全机制修补终端系统。虽然误用用例模型的符号和语法规则相对简单，但开发高质量的误用用例模型并不是一项简单的任务。建模从业者非常容易受到建模错误的影响，创建有缺陷的误用案例模型，从而导致开发不安全的系统。本文提出了一种基于反模式的方法来修复有缺陷的误用案例模型。最后以一个在线手机配件商店子系统的误用案例模型为例，验证了该方法的可行性。结果表明，该技术的应用提高了误用案例模型的整体质量。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Improving Quality in Misuse Case Models: A Risk-Based Approach

Security is a crucial requirement for many software systems. Misuse case modeling is a technique that allows system designers to inject security considerations within their designs early in the development cycle. This is potentially a much more effective approach to ensuring security than patching an end system with security mechanisms after it was developed. While the notation and syntactical rules of misuse case models are relatively simple, developing high quality misuse case models is not a straightforward task. Modeling practitioners are highly vulnerable to modeling mistakes, creating defective misuse case models that can lead to the development of insecure systems. In this paper, an approach based on antipatterns that attempts to repair defective misuse case models is presented. The misuse case model of an Online Phone Accessories Store subsystem is presented to demonstrate the feasibility of the approach. The results show that applying the technique has improved the overall quality of the misuse case model.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2011 10th IEEE/ACIS International Conference on Computer and Information Science

自引率

0.00%

发文量