• DocumentCode
    1923286
  • Title

    Modeling Misuse Patterns

  • Author

    Fernandez, Eduardo B. ; Yoshioka, Nobukazu ; Washizaki, Hironori

  • Author_Institution
    Dept. of Comput. Sci. & Eng., Florida Atlantic Univ., Boca Raton, FL
  • fYear
    2009
  • fDate
    16-19 March 2009
  • Firstpage
    566
  • Lastpage
    571
  • Abstract
    Security patterns are now starting to be accepted by industry. Security patterns are useful to guide the security design of systems by providing generic solutions that can stop a variety of attacks, but it is not clear to an inexperienced designer what pattern should be applied to stop a specific attack. They are also not useful for forensics, because they do not emphasize the modus operandi of the attack. To complement security patterns, we have proposed a new type of pattern, the misuse pattern. This pattern describes, from the point of view of the attacker, how a type of attack is performed (what units it uses and how), defines precisely the context of the attack, analyzes the ways of stopping the attack by enumerating possible security patterns that can be applied for this purpose, and describes how to trace the attack once it has happened by appropriate collection and observation of forensics data. We present here a model that characterizes the precise structure of this type of pattern.
  • Keywords
    security of data; software quality; forensics data; misuse pattern modelling; security patterns; software quality; Availability; Computer science; Computer security; Data security; Forensics; Information security; National security; Pattern analysis; Performance analysis; Reliability engineering; Object-oriented design; UML models; security patterns; software security; system security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Availability, Reliability and Security, 2009. ARES '09. International Conference on
  • Conference_Location
    Fukuoka
  • Print_ISBN
    978-1-4244-3572-2
  • Electronic_ISBN
    978-0-7695-3564-7
  • Type

    conf

  • DOI
    10.1109/ARES.2009.139
  • Filename
    5066527