JSW 2015 Vol.10(4): 491-498 ISSN: 1796-217X
doi: 10.17706/jsw.10.4.491-498
doi: 10.17706/jsw.10.4.491-498
Developing Abuse Cases Based on Threat Modeling and Attack Patterns
Xiaohong Yuan*, Emmanuel Borkor Nuakoh, Imano Williams, Huiming Yu
Department of Computer Science, North Carolina A&T State University, 1601 East Market St., Greensboro, North Carolina, USA.
Abstract—Developing abuse cases help software engineers to think from the perspective of attackers, and therefore allow them to decide and document how the software should react to illegitimate use. This paper describes a method for developing abuse cases based on threat modeling and attack patterns. First potential threats are analyzed by following Microsoft’s threat modeling process. Based on the identified threats, initial abuse cases are generated. Attack pattern library is searched and attack patterns relevant to the abuse cases are retrieved. The information retrieved from the attack patterns are used to extend the initial abuse cases and suggest mitigation method. Such a method has the potential to assist software engineers without high expertise in computer security to develop meaningful and useful abuse cases, and therefore reduce the security vulnerabilities in the software systems they develop.
Index Terms—Abuse case, threat modeling, attack patterns, secure software development.
Abstract—Developing abuse cases help software engineers to think from the perspective of attackers, and therefore allow them to decide and document how the software should react to illegitimate use. This paper describes a method for developing abuse cases based on threat modeling and attack patterns. First potential threats are analyzed by following Microsoft’s threat modeling process. Based on the identified threats, initial abuse cases are generated. Attack pattern library is searched and attack patterns relevant to the abuse cases are retrieved. The information retrieved from the attack patterns are used to extend the initial abuse cases and suggest mitigation method. Such a method has the potential to assist software engineers without high expertise in computer security to develop meaningful and useful abuse cases, and therefore reduce the security vulnerabilities in the software systems they develop.
Index Terms—Abuse case, threat modeling, attack patterns, secure software development.
Cite: Xiaohong Yuan, Emmanuel Borkor Nuakoh, Imano Williams, Huiming Yu, "Developing Abuse Cases Based on Threat Modeling and Attack Patterns," Journal of Software vol. 10, no. 4, pp. 491-498, 2015.
PREVIOUS PAPER
Towards a RBAC Workflow Model for Thesis Management
NEXT PAPER
Last page
General Information
ISSN: 1796-217X (Online)
Frequency: Quarterly
Editor-in-Chief: Prof. Antanas Verikas
Executive Editor: Ms. Yoyo Y. Zhou
Abstracting/ Indexing: DBLP, EBSCO, CNKI, Google Scholar, ProQuest, INSPEC(IET), ULRICH's Periodicals Directory, WorldCat, etc
E-mail: jsweditorialoffice@gmail.com
-
Mar 01, 2024 News!
Vol 19, No 1 has been published with online version [Click]
-
Jan 04, 2024 News!
JSW will adopt Article-by-Article Work Flow
-
Apr 01, 2024 News!
Vol 14, No 4- Vol 14, No 12 has been indexed by IET-(Inspec) [Click]
-
Apr 01, 2024 News!
Papers published in JSW Vol 18, No 1- Vol 18, No 6 have been indexed by DBLP [Click]
-
Nov 02, 2023 News!
Vol 18, No 4 has been published with online version [Click]