Misuse case-based design and analysis of secure software architecture

Author

Pauli, Joshua J. ; Xu, Dianxiang

Author_Institution

Coll. of Bus. & Inf. Syst., Dakota State Univ., Madison, SD, USA

Volume

2

fYear

2005

fDate

4-6 April 2005

Firstpage

398

Abstract

This paper presents an approach to the architectural design and analysis of secure software systems based on the system requirements elicited in the form of use cases and misuse cases. We identify architectural components and their connections and analyze whether or not a candidate architecture can address security concerns. This provides a smooth transition from requirements specification to high-level design for engineering secure software systems, and greatly improves the traceability of security concerns, which allows a system developer to know what requirement an architectural component references back to. We demonstrate our approach through a case study on a security-intensive hospital information system.

Keywords

formal specification; medical information systems; object-oriented methods; safety-critical software; security of data; software architecture; case-based design; high-level design; misuse case; secure software systems analysis; security-intensive hospital information system; software architecture; system requirements specification; Communication system security; Computer architecture; Computer science; Educational institutions; Hospitals; Information security; Information systems; Neodymium; Software architecture; Software systems; Software architecture; misuse case; security; use case;

fLanguage

English

Publisher

ieee

Conference_Titel

Information Technology: Coding and Computing, 2005. ITCC 2005. International Conference on

Print_ISBN

0-7695-2315-3

Type

conf

DOI

10.1109/ITCC.2005.199

Filename

1425176