Title :
Threat Modeling for Security Failure-Tolerant Requirements
Author :
Shin, M. ; Dorbala, Swetha ; Dongsoo Jang
Author_Institution :
Dept. of Comput. Sci., Texas Tech Univ., Lubbock, TX, USA
Abstract :
This paper describes an approach to modeling security threats to applications and to deriving security failure-tolerant requirements from the threats. This paper assumes that unbreakable core security services for applications, such as authentication, access control, cryptosystem, or digital signature, are broken all the time in a real-world setting. The UML use case model for application requirements is analyzed to model security threats to the system in terms of threat points at which each threat is described using a structured template. This paper also derives security failure-tolerant requirements from the threats at threat points, and the requirements are modeled by means of security failure-tolerant use cases separately from application use cases in the use case model. A security failure-tolerant use case is extended from an application use case at a security point. The Internet banking application is used to illustrate the proposed approach.
Keywords :
Unified Modeling Language; authorisation; computer crime; cryptography; digital signatures; fault tolerant computing; Internet banking; UML use case model; access control; application requirements; application use cases; authentication; cryptosystem; digital signature; security failure-tolerant requirements; security failure-tolerant use cases; security services; security threats modeling; structured template; threat points; Analytical models; Authentication; Business; Object oriented modeling; Online banking; Unified modeling language; security failure-tolerant requirements; security point; threat modeling; threat point; use case model;
Conference_Titel :
Social Computing (SocialCom), 2013 International Conference on
Conference_Location :
Alexandria, VA
DOI :
10.1109/SocialCom.2013.89
