Abstract

Current security requirements engineering methods tend to take an atomic and single-perspective view on attacks, treating them as threats, vulnerabilities or weaknesses from which security requirements can be derived. This approach may cloud the big picture of how many smaller weaknesses in a system contribute to an overall security flaw. The proposed Hacker Attack Representation Method (HARM) combines well-known and recently developed security modeling techniques in order to represent complex and creative hacker attacks diagrammatically from multiple perspectives. The purpose is to facilitate overviews of intrusions on a general level and to make it possible to involve different stakeholder groups in the process, including non-technical people who prefer simple, informal representations. The method is tied together by a meta model. Both the method and the meta model are illustrated with a security attack reported in the literature.

-- DanielAmyot - 03 Apr 2014

Discussion


Title: HARM: Hacker Attack Representation Method
Authors: P. Karpati, A.L. Opdahl, and G. Sindre
Type: Conference
Conference/Journal Title: Software and Data Technologies (ICSOFT 2010)
Volume/Number:
Editors: J. Cordeiro et al.
Publisher: Springer
Month: July
Year: 2013
Pages: 156-175
DOI: 10.1007/978-3-642-29578-2_10
Keywords: Security requirements engineering, Intrusion analysis, Metamodeling, Misuse Case Maps (MUCM)
Topic revision: r1 - 03 Apr 2014, DanielAmyot