JSW 2015 Vol.10(4): 491-498 ISSN: 1796-217X
doi: 10.17706/jsw.10.4.491-498
Developing Abuse Cases Based on Threat Modeling and Attack Patterns
Xiaohong Yuan*, Emmanuel Borkor Nuakoh, Imano Williams, Huiming Yu
Department of Computer Science, North Carolina A&T State University, 1601 East Market St., Greensboro, North Carolina, USA.
Abstract—Developing abuse cases helps software engineers to think from the perspective of attackers, and therefore allows them to decide and document how the software should react to illegitimate use. This paper describes a method for developing abuse cases based on threat modeling and attack patterns. First, potential threats are analyzed by following Microsoft’s threat modeling process. Based on the identified threats, initial abuse cases are generated. An attack pattern library is then searched, and attack patterns relevant to the abuse cases are retrieved. The information retrieved from the attack patterns is used to extend the initial abuse cases and suggest mitigation methods. Such a method has the potential to assist software engineers without high expertise in computer security to develop meaningful and useful abuse cases, and therefore reduce the security vulnerabilities in the software systems they develop.
Index Terms—Abuse case, threat modeling, attack patterns, secure software development.
Cite: Xiaohong Yuan, Emmanuel Borkor Nuakoh, Imano Williams, Huiming Yu, "Developing Abuse Cases Based on Threat Modeling and Attack Patterns," Journal of Software vol. 10, no. 4, pp. 491-498, 2015.