Title :
Security risk modelling using SecureUML
Author :
Chowdhury, Mohammad Jabed Morshed
Author_Institution :
Dept. of Comput. Sci. & Eng., Daffodil Int. Univ., Dhaka, Bangladesh
Abstract :
Several security modelling languages (e.g., Misuse case, Secure Tropos) help in dealing with security risk management at the system requirements stage. But no design level modelling language has been explored to model security risk. In this paper, we are focusing on SecureUML, which is a design level modelling language, to represent security risk. More specifically, we investigate how SecureUML supports information systems security risks management (ISSRM). The outcome of this work is an alignment table between SecureUML language constructs and the constructs of the ISSRM domain model. We ground our analysis on a number of illustrative examples. We hope that our results will help developers to understand how they can consider security risks at the system design stage. It also identifies the shortcomings of SecureUML to model security risk and provides recommendations for improvement.
Keywords :
Unified Modeling Language; formal specification; risk management; security of data; ISSRM domain model; Misuse case; Secure Tropos; SecureUML language construct; alignment table; design level modelling language; information system security risks management; security modelling language; security risk management; security risk modelling; security risk representation; system design; system requirements; Authorization; Computational modeling; Computer hacking; Risk management; Unified modeling language; SecureUML; Security; Security risk modelling;
Conference_Title :
Computer and Information Technology (ICCIT), 2013 16th International Conference on
Conference_Location :
Khulna
DOI :
10.1109/ICCITechn.2014.6997358