Peter Karpati, Guttorm Sindre, Andreas L. Opdahl


Security must be addressed at an early stage of information systems development, and one must learn from previous hacker attacks to avoid similar exploits in the future. Many security threats are hard to understand for stakeholders with a less technical background. To address this issue, we present a five-step method that represents hacker intrusions diagrammatically. It lifts specific intrusions to a more general level of modelling and distils them into threats that should be avoided by a new or modified IS design. It allows involving different stakeholder groups in the process, including non-technical people who prefer simple, informal representations. For this purpose, the method combines five different representation techniques that together provide an integrated view of security attacks and system architecture. The method is illustrated with a real intrusion from the literature, and its representation techniques are tied together as a set of extensions of the UML metamodel.


  1. Amyot, D., Mussbacher, G. (2000) On the Extension of UML with Use Case Maps Concepts. Proc. UML 2000, pp 16-31.
  2. Alexander I. (2003) Misuse Cases: Use Cases with Hostile Intent, IEEE Software, 20(1):58-66.
  3. Barnum, S. (2007) Attack Patterns as a Knowledge Resource for Building Secure Software, In A. Sethi (ed.) Cigital: OMG Software Assurance WS
  4. Benyon, D., Skidmore, S. (1987) Towards a Tool Kit For the Systems Analyst, The Computer Journal 30(1):2-7
  5. Buhr R. J. A. (1996) Use case maps for attributing behaviour to system architecture, Proc. 4th Int. WS on Parallel and Distributed Real-Time Systems, p.3
  6. Buhr R.J.A., Casselman R.S. (1995) Use Case Maps for Object-Oriented Systems, Prentice Hall
  7. Cheung, S., Lindqvist, U., Valdez, R. (2003) Correlated Attack Modeling (CAM), Final Technical Report by SRI International, October 2003
  8. Gegick, M., Williams, L., (2005) Matching attack patterns to security vulnerabilities in softwareintensive system designs, Proc. SESS05 - building trustworthy applications, pp 1-7
  9. Gutierrez, C., Fernandez-Medina, E., Piattini, M. (2005a), Web services enterprise security architecture: a case study. Proc. WS on Secure Web Services (SWS'05) , Fairfax, VA, USA.
  10. Gutierrez, C., Fernandez-Medina, E., Piattini, M. (2005b), Towards a Process for Web Services Security, Proc.WOSIS'05 at ICEIS'05, Miami, Florida, USA.
  11. Gutierrez, C., Fernandez-Medina, E., Piattini, M. (2006), PWSSec: Process for Web Services Security, In Proc. ICWS 7806, pp.213-222, 18-22
  12. Karpati P., Sindre G., Opdahl A. L. (2010) Illustrating Cyber Attacks with Misuse Case Maps, Proc. REFSQ
  13. Maurya, S., Jangam, E., Talukder, M., Pais, A.R. (2009) Suraksha: A security designers' workbench. Proc. 2009, pp. 59-66.
  14. Mead, N.R, Stehney, T. (2005) Security Quality Requirements Engineering (SQUARE) Methodology. In Proc SESS'05. St. Louis, MO, May 15-16, 2005
  15. Mitnick K. D., Simon W. L. (2006) The Art of Intrusion, Wiley Publishing Inc.
  16. Neumann, P.G., Porras, P.A.. (1999) Experience with EMERALD to date. Proc WS on Intrusion Detection and Network Monitoring, pp:73-80
  17. Ning, P., Cui, Y., Reeves, D.S. (2002) Constructing attack scenarios through correlation of intrusion alerts. Proc. 9th ACM conf. on CCS, pp: 245-254
  18. OMG Unified Modeling LanguageTM (OMG UML), Superstructure Version 2.2, Feb. 2009
  19. Opdahl A. L., Sindre, G. (2009) Experimental Comparison of Attack Trees and Misuse Cases for Security Threat Identification, Information and Software Technology, 51(5):916-932
  20. Schneier, B. (1999) Attack Trees, Dr. Dobb's Journal
  21. Schneier, B. (2000) Secrets and Lies: Digital Security in a Networked World, Wiley.
  22. Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.M. (2002) Automated Generation and Analysis of Attack Graphs, Proc. IEEE Symposium on Security and Privacy, p.273, May 12-15
  23. Sindre, G. (2007). Mal-Activity Diagrams for Capturing Attacks on Business Processes. Lecture Notes in Computer Science, vol. 4542. pp 355-366
  24. Sindre, G., Opdahl A.L. (2005). Eliciting Security Requirements with Misuse Cases. Requirements Engineering 10(1): 34-44
  25. Sindre, G., Opdahl, A.L., Brevik, G.F. (2002) Generalization/Specialization as a Structuring Mechanism for Misuse Cases. Proc. SREIS'2002.
  26. Steele, P., Zaslavsky, A. (1993) The Role of Metamodels in Federating System Modelling Techniques, In Proc ER'93, Dallas, USA, pp 301-12
  27. Templeton, S.J., Levitt, K. (2000) A requires/provides model for computer attacks, Proc. WS on New security paradigms, pp.31-38.
  28. The Mitre Corp. (2010): Common Attack Pattern Enumeration and Classification, Accessed: 30.3.2010.OMG (2009)
  29. Tøndel, I.A., Jensen, J., Røstad, L. (2010) Combining misuse cases with attack trees and security activity models Proc. OSA workshop.

Paper Citation

in Harvard Style

Karpati P., Sindre G. and Opdahl A. (2010). TOWARDS A HACKER ATTACK REPRESENTATION METHOD . In Proceedings of the 5th International Conference on Software and Data Technologies - Volume 2: ICSOFT, ISBN 978-989-8425-23-2, pages 92-101. DOI: 10.5220/0003010000920101

in Bibtex Style

author={Peter Karpati and Guttorm Sindre and Andreas L. Opdahl},
booktitle={Proceedings of the 5th International Conference on Software and Data Technologies - Volume 2: ICSOFT,},

in EndNote Style

JO - Proceedings of the 5th International Conference on Software and Data Technologies - Volume 2: ICSOFT,
SN - 978-989-8425-23-2
AU - Karpati P.
AU - Sindre G.
AU - Opdahl A.
PY - 2010
SP - 92
EP - 101
DO - 10.5220/0003010000920101