By Topic

Experimental Comparison of Misuse Case Maps with Misuse Cases and System Architecture Diagrams for Eliciting Security Vulnerabilities and Mitigations

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Karpati, P. ; Dept. of Comput. & Inf. Sci., Norwegian Univ. of Sci. & Technol., Trondheim, Norway ; Opdahl, Andreas L. ; Sindre, G.

The idea of security aware system development from the start of the engineering process is generally accepted nowadays and is becoming applied in practice. Many recent initiatives support this idea with special focus on security requirements elicitation. However, there are so far no techniques that provide integrated overviews of security threats and system architecture. One way to achieve this is by combining misuse cases with use case maps into misuse case maps (MUCM). This paper presents an experimental evaluation of MUCM diagrams focusing on identification of vulnerabilities and mitigations. The controlled experiment with 33 IT students included a complex hacker intrusion from the literature, illustrated either with MUCM or with alternative diagrams. The results suggest that participants using MUCM found significantly more mitigations than participants using regular misuse cases combined with system architecture diagrams.

Published in:

Availability, Reliability and Security (ARES), 2011 Sixth International Conference on

Date of Conference:

22-26 Aug. 2011