THREAT-DRIVEN ARCHITECTURAL DESIGN OF SECURE INFORMATION SYSTEMS
Dianxiang Xu
2005
Abstract
To deal with software security issues in the early stages of system development, this paper presents a threat-driven approach to the architectural design and analysis of secure information systems. In this approach, we model security threats to systems with misuse cases and mitigation requirements with mitigation use cases at the requirements analysis phase. Then we drive system architecture design (including the identification of architectural components and their connections) by use cases, misuse cases, and mitigation use cases. According to the misuse case-based threat model, we analyze whether or not a candidate architecture is resistant to the identified security threats and what constraints must be imposed on the choices of system implementation. This provides a smooth transition from requirements specification to high-level design and greatly improves the traceability of security concerns in high assurance information systems. We demonstrate our approach through a case study on a security-intensive payroll information system.
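The abstract describes a chain of traceability: each security threat is captured as a misuse case, each misuse case is countered by a mitigation use case, and each mitigation use case must be realized by some component of the candidate architecture, which in turn constrains how that component may be implemented. The following Python is an added example (not code from the paper) that encodes such a threat model and mechanically answers the two questions the abstract raises: is every identified threat mitigated, and does a candidate architecture realize every mitigation? The use cases, misuse cases, mitigations and component names are constructed for illustration and are not the paper's payroll case study.

```python
# Added example: traceability check over a misuse-case-based threat model.
# All names below (use cases, misuse cases, mitigations, components) are
# constructed for illustration; they are not taken from the paper.
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class MisuseCase:
    name: str
    threatens: str  # the use case this threat targets


@dataclass(frozen=True)
class MitigationUseCase:
    name: str
    mitigates: str  # the misuse case this requirement counters


@dataclass(frozen=True)
class Component:
    name: str
    realizes: frozenset[str]  # use cases and mitigation use cases it implements


@dataclass
class ThreatModel:
    use_cases: set[str]
    misuse_cases: list[MisuseCase]
    mitigations: list[MitigationUseCase]

    def uncovered_threats(self) -> list[str]:
        """Misuse cases for which the requirements contain no mitigation use case."""
        mitigated = {m.mitigates for m in self.mitigations}
        return sorted(mc.name for mc in self.misuse_cases if mc.name not in mitigated)

    def dangling_threats(self) -> list[str]:
        """Misuse cases that target a use case the model does not define (modelling error)."""
        return sorted(mc.name for mc in self.misuse_cases if mc.threatens not in self.use_cases)


def unrealized_mitigations(model: ThreatModel, architecture: tuple[Component, ...]) -> list[str]:
    """Mitigation use cases that no component of the candidate architecture realizes."""
    realized = set().union(*(c.realizes for c in architecture))
    return sorted(m.name for m in model.mitigations if m.name not in realized)


def implementation_constraints(model: ThreatModel, architecture: tuple[Component, ...]) -> dict[str, list[str]]:
    """For each component, the mitigations its implementation must honour."""
    names = {m.name for m in model.mitigations}
    return {c.name: sorted(c.realizes & names) for c in architecture if c.realizes & names}


def is_resistant(model: ThreatModel, architecture: tuple[Component, ...]) -> bool:
    """True when every threat is mitigated in requirements and every mitigation is realized in design."""
    return not model.uncovered_threats() and not unrealized_mitigations(model, architecture)


# Constructed sample model for a payroll-style system.
PAYROLL = ThreatModel(
    use_cases={"Submit timesheet", "Approve payroll", "View payslip"},
    misuse_cases=[
        MisuseCase("Tamper with submitted hours", threatens="Submit timesheet"),
        MisuseCase("Read another employee's payslip", threatens="View payslip"),
        MisuseCase("Forge payroll approval", threatens="Approve payroll"),
    ],
    mitigations=[
        MitigationUseCase("Authenticate submitter and log hours", mitigates="Tamper with submitted hours"),
        MitigationUseCase("Authorize payslip access per employee", mitigates="Read another employee's payslip"),
        MitigationUseCase("Require dual approval with audit trail", mitigates="Forge payroll approval"),
    ],
)

# Two constructed candidate architectures: A realizes all mitigations, B drops one.
CANDIDATE_A = (
    Component("Web front end", frozenset({"Submit timesheet", "View payslip", "Authenticate submitter and log hours"})),
    Component("Payroll service", frozenset({"Approve payroll", "Authorize payslip access per employee",
                                            "Require dual approval with audit trail"})),
)
CANDIDATE_B = (
    Component("Web front end", frozenset({"Submit timesheet", "View payslip"})),
    Component("Payroll service", frozenset({"Approve payroll", "Authorize payslip access per employee",
                                            "Require dual approval with audit trail"})),
)

if __name__ == "__main__":
    for label, arch in (("A", CANDIDATE_A), ("B", CANDIDATE_B)):
        print(f"Candidate {label}: resistant={is_resistant(PAYROLL, arch)}, "
              f"unrealized={unrealized_mitigations(PAYROLL, arch)}")
    print("Implementation constraints for A:", implementation_constraints(PAYROLL, CANDIDATE_A))
```

The value of the check is in what it refuses to let you forget: a threat with no mitigation use case is a requirements gap, while a mitigation that no component realizes is a design gap, and `implementation_constraints` is the list handed to implementers so the security rationale survives the transition from requirements to high-level design.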
Paper Citation
in Harvard Style
Xu D. (2005). THREAT-DRIVEN ARCHITECTURAL DESIGN OF SECURE INFORMATION SYSTEMS. In Proceedings of the Seventh International Conference on Enterprise Information Systems - Volume 3: ICEIS, ISBN 972-8865-19-8, pages 233-239. DOI: 10.5220/0002552002330239
in Bibtex Style
@conference{iceis05,
author={Dianxiang Xu},
title={THREAT-DRIVEN ARCHITECTURAL DESIGN OF SECURE INFORMATION SYSTEMS},
booktitle={Proceedings of the Seventh International Conference on Enterprise Information Systems - Volume 3: ICEIS},
year={2005},
pages={233-239},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002552002330239},
isbn={972-8865-19-8},
}
in EndNote Style
TY - CONF
JO - Proceedings of the Seventh International Conference on Enterprise Information Systems - Volume 3: ICEIS
TI - THREAT-DRIVEN ARCHITECTURAL DESIGN OF SECURE INFORMATION SYSTEMS
SN - 972-8865-19-8
AU - Xu D.
PY - 2005
SP - 233
EP - 239
DO - 10.5220/0002552002330239