误用、滥用和重用:描述安全需求的经济效用函数

2016 11th International Conference on Availability, Reliability and Security (ARES) Pub Date : 2016-08-01 DOI:10.1109/ARES.2016.90

Chad Heitzenrater, A. Simpson

{"title":"误用、滥用和重用:描述安全需求的经济效用函数","authors":"Chad Heitzenrater, A. Simpson","doi":"10.1109/ARES.2016.90","DOIUrl":null,"url":null,"abstract":"Negative use cases - in the form of 'misuse' or 'abuse' cases - have found a broad following within the security community due to their ability to make explicit the knowledge, assumptions and desires of stakeholders regarding real and perceived threats to systems. As an accepted threat modelling tool, they have become a standard part of many Secure Software Engineering (SSE) processes. Despite this widespread adoption, aspects of the original misuse case concept have yet to receive a formal treatment in the literature. This paper considers the application of economic utility functions within the negative use case development process, as a means of addressing existing challenges. We provide a simple demonstration of how existing practice might integrate economic factors to describe the business, management and functional concerns that surround system security and software development.","PeriodicalId":216417,"journal":{"name":"2016 11th International Conference on Availability, Reliability and Security (ARES)","volume":"127 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Misuse, Abuse and Reuse: Economic Utility Functions for Characterising Security Requirements\",\"authors\":\"Chad Heitzenrater, A. Simpson\",\"doi\":\"10.1109/ARES.2016.90\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Negative use cases - in the form of 'misuse' or 'abuse' cases - have found a broad following within the security community due to their ability to make explicit the knowledge, assumptions and desires of stakeholders regarding real and perceived threats to systems. As an accepted threat modelling tool, they have become a standard part of many Secure Software Engineering (SSE) processes. Despite this widespread adoption, aspects of the original misuse case concept have yet to receive a formal treatment in the literature. This paper considers the application of economic utility functions within the negative use case development process, as a means of addressing existing challenges. We provide a simple demonstration of how existing practice might integrate economic factors to describe the business, management and functional concerns that surround system security and software development.\",\"PeriodicalId\":216417,\"journal\":{\"name\":\"2016 11th International Conference on Availability, Reliability and Security (ARES)\",\"volume\":\"127 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-08-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 11th International Conference on Availability, Reliability and Security (ARES)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ARES.2016.90\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 11th International Conference on Availability, Reliability and Security (ARES)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ARES.2016.90","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

摘要

消极用例——以“误用”或“滥用”用例的形式——在安全社区中已经找到了广泛的追随者，因为它们能够明确涉众对系统的真实和感知威胁的知识、假设和愿望。作为一种公认的威胁建模工具，它们已经成为许多安全软件工程(SSE)过程的标准部分。尽管这种广泛采用，原始误用案件概念的各个方面尚未在文献中得到正式处理。本文考虑在负面用例开发过程中应用经济效用函数，作为解决现有挑战的一种手段。我们提供了一个简单的演示，说明现有的实践如何集成经济因素来描述围绕系统安全和软件开发的业务、管理和功能关注点。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Misuse, Abuse and Reuse: Economic Utility Functions for Characterising Security Requirements

Negative use cases - in the form of 'misuse' or 'abuse' cases - have found a broad following within the security community due to their ability to make explicit the knowledge, assumptions and desires of stakeholders regarding real and perceived threats to systems. As an accepted threat modelling tool, they have become a standard part of many Secure Software Engineering (SSE) processes. Despite this widespread adoption, aspects of the original misuse case concept have yet to receive a formal treatment in the literature. This paper considers the application of economic utility functions within the negative use case development process, as a means of addressing existing challenges. We provide a simple demonstration of how existing practice might integrate economic factors to describe the business, management and functional concerns that surround system security and software development.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2016 11th International Conference on Availability, Reliability and Security (ARES)

自引率

0.00%

发文量