Aligning Mal-activity Diagrams and Security Risk Management for Security Requirements Definitions

  • Mohammad Jabed Morshed Chowdhury
  • Raimundas Matulevičius
  • Guttorm Sindre
  • Peter Karpati
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7195)

Abstract

[Context and motivation] Security engineering is one of the important concerns during system development. It should be addressed throughout the whole system development process. There are several languages for security modelling that help dealing with security risk management at the requirements stage. [Question/problem] In this paper, we are focusing on Mal-activity diagrams that are used from requirement engineering to system design stage. More specifically we investigate how this language supports information systems security risks management (ISSRM). [Principal ideas/results] The outcome of this work is an alignment table between the Mal-activity diagrams language constructs to the ISSRM domain model concepts. [Contribution] This result may help developers understand how to model security risks at the system requirement and design stages. Also, it paves the way for interoperability between the modelling languages that are analysed using the same conceptual framework, thus facilitating transformation between these modelling approaches.

Keywords

Mal-activity diagrams Information system security risk management Requirement engineering Risk management 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Chowdhury, M.J.M.: Modeling Security Risks at the System Design Stage: Alignment of Mal-activity Diagrams and SecureUML to the ISSRM Domain Model. Master Theses (2011), http://nordsecmob.tkk.fi/thesis.html
  2. 2.
    Dubois, E., Heymans, P., Mayer, N., Matulevičius, R.: A Systematic Approach to Define the Domain of Information System Security Risk Management. In: Nurcan, S., Salinesi, C., Souveyet, C., Ralytė, J. (eds.) International Perspectives on Information Systems Engineering, pp. 289–306. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  3. 3.
    Matulevičius, R., Mayer, N., Heymans, P.: Alignment of Misuse cases with Security Risk Management. In: 3rd International Conference on Availability, Reliability and Security, pp. 1397–1404. IEEE Computer Society, Washington (2008)CrossRefGoogle Scholar
  4. 4.
    Matulevičius, R., Mayer, N., Mouratidis, H., Dubois, E., Heymans, P., Genon, N.: Adapting Secure Tropos for Security Risk Management in the Early Phases of Information Systems Development. In: Bellahsène, Z., Léonard, M. (eds.) CAiSE 2008. LNCS, vol. 5074, pp. 541–555. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  5. 5.
    Mayer, N.: Model Based Management of Information System Security Risk. Doctoral Thesis, University of Namur (2009)Google Scholar
  6. 6.
    Sindre, G.: Mal-Activity Diagrams for Capturing Attacks on Business Processes. In: Sawyer, P., Paech, B., Heymans, P. (eds.) REFSQ 2007. LNCS, vol. 4542, pp. 355–366. Springer, Heidelberg (2007)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Mohammad Jabed Morshed Chowdhury
    • 1
    • 2
  • Raimundas Matulevičius
    • 1
  • Guttorm Sindre
    • 2
  • Peter Karpati
    • 2
  1. 1.University of TartuEstonia
  2. 2.Norwegian University of Science and TechnologyNorway

Personalised recommendations