Article

Identifying Security Requirements Hybrid Technique

Authors:

Vandana Gandotra,

Archana Singhal,

Punam BediAuthors Info & Claims

ICSEA '09: Proceedings of the 2009 Fourth International Conference on Software Engineering Advances

Pages 407 - 412

https://doi.org/10.1109/ICSEA.2009.65

Published: 20 September 2009 Publication History

Publisher Site

Abstract

There were times when software systems and networks posed no or very little security problems. However, with expanding connectivity during last few years problem of security has been making headlines. This is due to increase in threat environment and breach of security vital to the interest of end users. Keeping in view the security requirements in the present system all the attack points which can be threatened have to be identified, analyzed and remedial measures taken at the initial stage of software development process. The use of multiple techniques is the subject of research for deriving security requirements. In this paper, we are overlapping misuse case and attack trees techniques to propose a new technique named “Hybrid Technique”. This Hybrid Technique merges the strengths of misuse cases and attack trees making the system stronger to mitigate weaknesses effectively in large and complex systems. In our approach we firstly identify threats using the concepts of threat modeling, and then map these threats into security requirements using Hybrid Technique. In the case study, we have used this technique for specifying security requirements for wireless hotspots.

Cited By

View all

Karpati PRedda YOpdahl ASindre G(2014)Comparing attack trees and misuse cases in an industrial settingInformation and Software Technology10.1016/j.infsof.2013.10.00456:3(294-308)Online publication date: 1-Mar-2014
https://dl.acm.org/doi/10.1016/j.infsof.2013.10.004
Bedi PGandotra VSinghal ANarang HSharma S(2013)Mitigating multi-threats optimally in proactive threat managementACM SIGSOFT Software Engineering Notes10.1145/2413038.241304138:1(1-7)Online publication date: 23-Jan-2013
https://dl.acm.org/doi/10.1145/2413038.2413041
Gandotra VArchana Singhal ABedi P(2011)Layered security architecture for threat management using multi-agent systemACM SIGSOFT Software Engineering Notes10.1145/2020976.202098436:5(1-11)Online publication date: 30-Sep-2011
https://dl.acm.org/doi/10.1145/2020976.2020984

Identifying Security Requirements Hybrid Technique
1. Social and professional topics
  1. Computing / technology policy

Recommendations

An Alternative Threat Model-based Approach for Security Testing

In modern interaction, web applications has gained more and more popularity, which leads to a significate growth of exposure to malicious users and vulnerability attacks. This causes organizations and companies to lose valuable information and suffer ...
Towards an Enhanced Design Level Security: Integrating Attack Trees with Statecharts
SSIRI '11: Proceedings of the 2011 Fifth International Conference on Secure Software Integration and Reliability Improvement

Software security has become more and more critical as we are increasingly depending on the Internet, an untrustworthy computing environment. Software functionality and security are tightly related to each other, vulnerabilities due to design errors, ...
Cyber security analysis using attack countermeasure trees
CSIIRW '10: Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research

Attack tree (AT) is one of the widely used combinatorial models in cyber security analysis. The basic formalism of AT does not take into account defense mechanisms. Defense trees (DT) have been developed to investigate the effect of defense mechanisms ...

Comments

Information & Contributors

Information

Published In

ICSEA '09: Proceedings of the 2009 Fourth International Conference on Software Engineering Advances

September 2009

584 pages

ISBN:9780769537771

Publisher

IEEE Computer Society

United States

Publication History

Published: 20 September 2009

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 08 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Karpati PRedda YOpdahl ASindre G(2014)Comparing attack trees and misuse cases in an industrial settingInformation and Software Technology10.1016/j.infsof.2013.10.00456:3(294-308)Online publication date: 1-Mar-2014
https://dl.acm.org/doi/10.1016/j.infsof.2013.10.004
Bedi PGandotra VSinghal ANarang HSharma S(2013)Mitigating multi-threats optimally in proactive threat managementACM SIGSOFT Software Engineering Notes10.1145/2413038.241304138:1(1-7)Online publication date: 23-Jan-2013
https://dl.acm.org/doi/10.1145/2413038.2413041
Gandotra VArchana Singhal ABedi P(2011)Layered security architecture for threat management using multi-agent systemACM SIGSOFT Software Engineering Notes10.1145/2020976.202098436:5(1-11)Online publication date: 30-Sep-2011
https://dl.acm.org/doi/10.1145/2020976.2020984

Abstract

Cited By

Recommendations

An Alternative Threat Model-based Approach for Security Testing

Towards an Enhanced Design Level Security: Integrating Attack Trees with Statecharts

Cyber security analysis using attack countermeasure trees

Comments

Information

Published In

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Share

Share this Publication link

Share on social media

Affiliations