BT Technology Journal

, Volume 25, Issue 1, pp 118–127 | Cite as

Security risk mitigation for information systems

  • V. Page
  • M. Dixon
  • I. Choudhury


Security risk mitigation is a salient issue in systems development research. This paper introduces a lightweight approach to security risk mitigation that can be used within an Agile Development framework — the Security Obstacle Mitigation Model (SOMM). The SOMM uses the concept of trust assumptions to derive obstacles and the concept of misuse cases to model the obstacles. A synthetic scenario, based on an on-line system, shows how the SOMM is used to anticipate malicious behaviour with respect to an operational information system and to document a priori how this malicious behaviour should be mitigated. Since the SOMM is conceptually simple in deployment, its use is well within the capacities of the users who form part of an Agile Development team and crucially it should not take up a significant amount of development time.


Security Requirement Action Research Project Malicious Behaviour Case Diagram Tolerance Line 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Stallings W: ’Business Data Communications (5th Edition)’, Pearson Prentice Hall (2005).Google Scholar
  2. 2.
    Potts C: ’Using Schematic Scenarios to Understand User Needs’, Proceedings of the ACM Symposium on Designing Interactive Systems: Processes, Practices, and Techniques, pp 247–256 (1995).Google Scholar
  3. 3.
    Fickas S and Feather M: ’Requirements Monitoring in Dynamic Environments’, Proceedings of the 2nd IEEE International Symposium on Requirements Engineering, pp 140–147 (1995).Google Scholar
  4. 4.
    Lamsweerde A, Letier E and Ponsard C: ’Leaving Inconsistency’, Position paper for the ICSE’97 workshop on Living with Inconsistency (1997).Google Scholar
  5. 5.
    Page V, Laney R, Dixon M and Haley C: ’Trust Obstacle Mitigation for Database Systems’, Proceedings of the 23rd British National Conference on Databases, pp 254–257 (2006).Google Scholar
  6. 6.
    Viega J, Kohno T and Potter B: ’Trust (and mistrust) in Secure Applications’, Communications of the ACM, 44, No 2, pp 31–36 (2001).CrossRefGoogle Scholar
  7. 7.
    Dewar J: ’Assumption-Based Planning: A Tool for Reducing Avoidable Surprises’, Cambridge University Press (2002).Google Scholar
  8. 8.
    Sindre G and Opdahl A: ’Eliciting Security Requirements by Misuse Cases’, Proceedings of the 37th International Conference on Technology Object-Oriented Languages and Systems, pp 120–131 (2000).Google Scholar
  9. 9.
    Page V, Dixon M and Choudhury I: ’Mitigating Data Gathering Obstacles within an Agile Information Systems Development Environment’, Proceedings of the 10th International Conference on Intelligent Engineering Systems, pp 11–16 (2006).Google Scholar
  10. 10.
    Hughes B and Cotterell M: ’Software Project Management (4th Edition)’, McGraw Hill (2006).Google Scholar
  11. 11.
    Haley C, Laney R, Moffett J and Nuseibeh B: ’The Effect of Trust Assumptions on the Elaboration of Security Requirements’, Proceedings of the 12th International Requirements Engineering Conference, pp 102–111 (2004).Google Scholar
  12. 12.
    Haley C, Moffett J, Laney R, Nuseibeh B: ’Arguing Security: Validating Security Requirements Using Structured Argumentation’, Proceedings of the 3rd Symposium on Requirements Engineering for Information Security held in conjunction with the 13th International Requirements Engineering Conference (2005).Google Scholar
  13. 13.
    Lamsweerde A and Letier E: ’Handling Obstacles in Goal-Oriented Requirements Engineering’, IEEE Transactions on Software Engineering, 26, No 10, pp 978–1005 (2000).CrossRefGoogle Scholar
  14. 14.
    Lamsweerde A: ’Elaborating Security Requirements by Construction of Intentional Anti-Models’, Proceedings of the 26th International Conference on Software Engineering, pp 148–157 (2004).Google Scholar
  15. 15.
    Alexander I: ’Misuse cases: use cases with hostile intent’, IEEE Software, 20, No 1, pp 58–66 (2003).CrossRefGoogle Scholar
  16. 16.
    McDermott J: ’Abuse-Case-Based Assurance Arguments’, Proceedings of the 17th Computer Security Applications Conference, pp 366–374 (2001).Google Scholar
  17. 17.
    Dwaikat Z and Parisi-Presicce F: ’From Misuse Cases to Collaboration Diagrams’, in UML, Proceedings of the 3rd International Workshop on Critical System Development with UML, pp 130–138 (2004).Google Scholar
  18. 18.
    Stølen K: ’Model-based risk assessment — the CORAS approach’, Presented at the 1st iTrust Workshop (2002).Google Scholar
  19. 19.
    Basin D, Doser J and Lodderstedt T: ’Model Driven Security: From UML models to access control infrastructures’, ACM Transactions on Software Engineering Methodolgy, 15, No 1, pp 39–91 (2006).CrossRefGoogle Scholar
  20. 20.
    Ferraiolo D, Sandhu R, Gavrila S, Kuhn D and Chandramouli R: ’Proposed NIST standard for role-based access control’, ACM Transactions on Information and System Security, 4, No 3, pp 224–274 (2001).CrossRefGoogle Scholar
  21. 21.
    Olesen K and Myers M: ’Trying to improve communication and collaboration with information technology: an action research project which failed’, Information Technology and People’, 12, pp 12–27 (1999).Google Scholar
  22. 22.
    Baskerville R and Wood-Harper T: ’A critical perspective on action research as a method for information systems research’, Journal of Information Technology, 11, pp 235–246 (1996).CrossRefGoogle Scholar
  23. 23.
    DSDM Version 4.2 (2007) —

Copyright information

© Springer Science+Business Media, Inc. 2007

Authors and Affiliations

  • V. Page
  • M. Dixon
  • I. Choudhury

There are no affiliations available

Personalised recommendations