USING SECURITY ATTACK SCENARIOS TO ANALYSE SECURITY DURING INFORMATION SYSTEMS DESIGN

Haralambos Mouratidis, Paolo Giorgini, Gordon Manson

Abstract

It has been widely argued in the literature that security concerns should be integrated with software engineering practices. However, only recently work has been initiated towards this direction. Most of this work, however, only considers how security can be analysed during the development lifecycles and not how the security of an information system can be tested during the analysis and design stages. In this paper we present results from the development of a technique, which is based on the use of scenarios, to test the reaction of an information system against potential security attacks.

References

  1. Anton, A.I., McCracken W.M., Potts C., 1994. Goal Decomposition and Scenario Analysis in Business Process Reengineering, Proceedings of the 6th Conference on Advanced Information Systems (CAiSE-1994), The Netherlands.
  2. Carroll, J.M., Rosson, M.B., 1991. Getting Around the Task-Artifact Cycle: How to Make Claims and Design by Scenario, IBM Research Report, Human Computer Interaction, RC 17908 (75365).
  3. Kosters, G., Pagel, B.U., Winter, M., 1997. Coupling Use Cases and Class Models, Proceedings of the BCS-FACS/EROS workshop on "Making Object Oriented Methods More Rigorous", Imperial College, London-England.
  4. Lalioti, V., Theodoulidis, C., 1995. Visual Scenarios for Validation of Requirements Specification, Proceedings of the 7th International Conference on Software Engineering and Knowledge Engineering (SEKE'95), Rochville, Maryland-USA.
  5. Liu, L., Yu, E., Mylopoulos, J., 2002. Analyzing Security Requirements as Relationships Among Strategic Actors, Proceedings of the 2nd Symposium on Requirements Engineering for Information Security (SREIS'02), Raleigh-North Carolina.
  6. Mouratidis, H., 2002. Extending Tropos Methodology to Accommodate Security, Progress Report, Computer Science Department, University of Sheffield.
  7. Mouratidis, H., 2003d. Analysis and Design of a Multiagent System to Deliver the Single Assessment Process for Older People, RANK Report, Computer Science Department, University of Sheffield.
  8. Mouratidis, H., Giorgini, P., Manson, G., 2003a. Integrating Security and Systems Engineering: Towards the Modelling of Secure Information Systems, Proceedings of the 15th Conference on Advance Information Systems (CAiSE-2003), Velden-Austria.
  9. Mouratidis, H., Giorgini, P., Manson, G., 2003b. Modelling Secure Multiagent Systems, Proceedings of the 2nd International Joint Conference on Autonomous Agents and Multiagent Systems (AAMAS-2003), Melbourne-Australia.
  10. Mouratidis, H., Giorgini, P., Manson, G., Gani A., 2003. Analysing Security Requirements of Information Systems Using Tropos, Proceedings of the 5th International Conference on Enterprise Information Systems (ICEIS-2003), Angers-France.
  11. Mouratidis, H., Philp, I., Manson, G., 2003c. A Novel Agent-Based System to Support the Single Assessment Process of Older People, (to appear) Journal of Health Informatics.
  12. Potts, C., Takahashi, K., Anton A.I., 1994. Inquiry Based Requirements Analysis, IEEE Software, March 1994.
  13. Ryser, J., Glinz, M., 1999. A Practical Approach to Validating and Testing Software Systems Using Scenarios, Proceedings of the Third International Software Quality Week Europe (QWE'99), Brussel-, Belgium.
  14. Ryser, J., Glinz, M., 2000. SCENT - A Method Employing Scenarios to Systematically Derive Test Cases for System Test, Technical Report 2000.03, Institut für Informatik, University of Zurich.
  15. Schneier, B., 2000. Secrets and Lies: Digital Security in a Networked World, John Willey and Sons.
  16. Stallings, W., 1999. Cryptography and Network Security: Principles and Practice, Prentice-Hall, Second Edition.
  17. Yu, E., 1995. Modelling Strategic Relationships for Process Reengineering, PhD thesis, Department of Computer Science, University of Toronto, Canada.
Download


Paper Citation


in Harvard Style

Mouratidis H., Giorgini P. and Manson G. (2004). USING SECURITY ATTACK SCENARIOS TO ANALYSE SECURITY DURING INFORMATION SYSTEMS DESIGN . In Proceedings of the Sixth International Conference on Enterprise Information Systems - Volume 3: ICEIS, ISBN 972-8865-00-7, pages 10-17. DOI: 10.5220/0002599000100017


in Bibtex Style

@conference{iceis04,
author={Haralambos Mouratidis and Paolo Giorgini and Gordon Manson},
title={USING SECURITY ATTACK SCENARIOS TO ANALYSE SECURITY DURING INFORMATION SYSTEMS DESIGN},
booktitle={Proceedings of the Sixth International Conference on Enterprise Information Systems - Volume 3: ICEIS,},
year={2004},
pages={10-17},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002599000100017},
isbn={972-8865-00-7},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Sixth International Conference on Enterprise Information Systems - Volume 3: ICEIS,
TI - USING SECURITY ATTACK SCENARIOS TO ANALYSE SECURITY DURING INFORMATION SYSTEMS DESIGN
SN - 972-8865-00-7
AU - Mouratidis H.
AU - Giorgini P.
AU - Manson G.
PY - 2004
SP - 10
EP - 17
DO - 10.5220/0002599000100017