HARM: Hacker Attack Representation Method

  • Peter Karpati
  • Andreas L. Opdahl
  • Guttorm Sindre
Part of the Communications in Computer and Information Science book series (CCIS, volume 170)


Current security requirements engineering methods tend to take an atomic and single-perspective view on attacks, treating them as threats, vulnerabilities or weaknesses from which security requirements can be derived. This approach may cloud the big picture of how many smaller weaknesses in a system contribute to an overall security flaw. The proposed Hacker Attack Representation Method (HARM) combines well-known and recently developed security modeling techniques in order represent complex and creative hacker attacks diagrammatically from multiple perspectives. The purpose is to facilitate overviews of intrusions on a general level and to make it possible to involve different stakeholder groups in the process, including non-technical people who prefer simple, informal representations. The method is tied together by a meta model. Both the method and the meta model are illustrated with a security attack reported in the literature.


Security requirements engineering Intrusion analysis Metamodeling 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Amyot, D., Mussbacher, G.: On the Extension of UML with Use Case Maps Concepts. In: Evans, A., Caskurlu, B., Selic, B. (eds.) UML 2000. LNCS, vol. 1939, pp. 16–31. Springer, Heidelberg (2000)Google Scholar
  2. 2.
    Alexander, I.: Misuse Cases: Use Cases with Hostile Intent. IEEE Software 20(1), 58–66 (2003)CrossRefGoogle Scholar
  3. 3.
    Barnum, S.: Attack Patterns as a Knowledge Resource for Building Secure Software. In: Sethi, A. (ed.) Cigital: OMG Software Assurance WS (2007)Google Scholar
  4. 4.
    Benyon, D., Skidmore, S.: Towards a Tool Kit For the Systems Analyst. The Computer Journal 30(1), 2–7 (1987)CrossRefGoogle Scholar
  5. 5.
    Buhr, R.J.A.: Use case maps for attributing behaviour to system architecture. In: Proc. 4th Int. WS on Parallel and Distributed Real-Time Systems, p. 3 (1996)Google Scholar
  6. 6.
    Buhr, R.J.A., Casselman, R.S.: Use Case Maps for Object-Oriented Systems. Prentice Hall (1995)Google Scholar
  7. 7.
    Cheung, S., Lindqvist, U., Valdez, R.: Correlated Attack Modeling (CAM), Final Technical Report by SRI International (October 2003)Google Scholar
  8. 8.
    Gegick, M., Williams, L.: Matching attack patterns to security vulnerabilities in software-intensive system designs. In: Proc. SESS 2005 - Building Trustworthy Applications, pp. 1–7 (2005)Google Scholar
  9. 9.
    Gutierrez, C., Fernandez-Medina, E., Piattini, M.: Web services enterprise security architecture: a case study. In: Proc. WS on Secure Web Services (SWS 2005), Fairfax, VA, USA (2005)Google Scholar
  10. 10.
    Gutierrez, C., Fernandez-Medina, E., Piattini, M.: Towards a Process for Web Services Security. In: Proc. WOSIS 2005 at ICEIS 2005, Miami, Florida, USA (2005)Google Scholar
  11. 11.
    Gutierrez, C., Fernandez-Medina, E., Piattini, M.: PWSSec: Process for Web Services Security. In: Proc. ICWS 2006, September 18-22, pp. 213–222 (2006)Google Scholar
  12. 12.
    Karpati, P., Sindre, G., Opdahl, A.L.: Visualizing Cyber Attacks with Misuse Case Maps. In: Wieringa, R., Persson, A. (eds.) REFSQ 2010. LNCS (LNAI), vol. 6182, pp. 262–275. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  13. 13.
    Karpati, P., Sindre, G., Opdahl, A.L.: Towards a Hacker Attack Representation Method. In: Proc. of the 5th ICSOFT, pp. 92–101. INSTICC Press (2010)Google Scholar
  14. 14.
    Katta, V., Karpati, P., Opdahl, A.L., Raspotnig, C., Sindre, G.: Comparing Two Techniques for Intrusion Visualization. In: van Bommel, P., Hoppenbrouwers, S., Overbeek, S., Proper, E., Barjis, J. (eds.) PoEM 2010. LNBIP, vol. 68, pp. 1–15. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  15. 15.
    Lamsweerde, A., Brohez, S., De Landtsheer, R., Janssens, D.: From System Goals to Intruder Anti-Goals: Attack Generation and Resolution for Security Requirements Engineering. In: Heytmeier, C., Mead, N. (eds.) Proc. of the 2nd RHAS 2003, pp. 49–56 (2003)Google Scholar
  16. 16.
    Liu, L., Yu, E., Mylopoulos, J.: Security and Privacy Requirements Analysis within a Social Setting. In: Proc. of the 11th RE 2003, pp. 151–160. IEEE Press, Monterey Bay (2003)Google Scholar
  17. 17.
    Maurya, S., Jangam, E., Talukder, M., Pais, A.R.: Suraksha: A security designers’ workbench. In: Proc. 2009, pp. 59–66 (2009)Google Scholar
  18. 18.
    Mead, N.R., Stehney, T.: Security Quality Requirements Engineering (SQUARE) Methodology. In: Proc SESS 2005, St. Louis, MO, May 15-16, pp. 1–7 (2005)Google Scholar
  19. 19.
    Mitnick, K.D., Simon, W.L.: The Art of Intrusion. Wiley Publishing Inc. (2006)Google Scholar
  20. 20.
    Neumann, P.G., Porras, P.A.: Experience with EMERALD to date. In: Proc. WS on Intrusion Detection and Network Monitoring, pp:73–80 (1999)Google Scholar
  21. 21.
    Ning, P., Cui, Y., Reeves, D.S.: Constructing attack scenarios through correlation of intrusion alerts. In: Proc. 9th ACM Conf. on CCS, pp. 245–254 (2002)Google Scholar
  22. 22.
    OMG Unified Modeling LanguageTM (OMG UML), Superstructure Version 2.2 (February 2009)Google Scholar
  23. 23.
    Opdahl, A.L., Sindre, G.: Experimental Comparison of Attack Trees and Misuse Cases for Security Threat Identification. Information and Software Technology 51(5), 916–932 (2009)CrossRefGoogle Scholar
  24. 24.
  25. 25.
    Schneier, B.: Attack Trees, Dr. Dobb’s Journal (1999)Google Scholar
  26. 26.
    Schneier, B.: Secrets and Lies: Digital Security in a Networked World. Wiley (2000)Google Scholar
  27. 27.
    Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.M.: Automated Generation and Analysis of Attack Graphs. In: Proc. IEEE Symposium on Security and Privacy, p. 273 (2002)Google Scholar
  28. 28.
    Sindre, G.: Mal-Activity Diagrams for Capturing Attacks on Business Processes. In: Sawyer, P., Heymans, P. (eds.) REFSQ 2007. LNCS, vol. 4542, pp. 355–366. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  29. 29.
    Sindre, G., Opdahl, A.L.: Eliciting Security Requirements with Misuse Cases. Requirements Engineering 10(1), 34–44 (2005)CrossRefGoogle Scholar
  30. 30.
    Sindre, G., Opdahl, A.L., Brevik, G.F.: Generalization/Specialization as a Structuring Mechanism for Misuse Cases. In: Proc. SREIS 2002 (2002)Google Scholar
  31. 31.
    Steele, P., Zaslavsky, A.: The Role of Metamodels in Federating System Modeling Techniques. In: Elmasri, R.A., Kouramajian, V., Thalheim, B. (eds.) ER 1993. LNCS, vol. 823, pp. 301–312. Springer, Heidelberg (1994)Google Scholar
  32. 32.
    Templeton, S.J., Levitt, K.: A requires/provides model for computer attacks. In: Proc. WS on New Security Paradigms, pp. 31–38 (2000)Google Scholar
  33. 33.
    The Mitre Corp., Common Attack Pattern Enumeration and Classification (2010), (accessed: 30.3.2010)
  34. 34.
    Tøndel, I.A., Jensen, J., Røstad, L.: Combining misuse cases with attack trees and security activity models. In: Proc. ARES 2010, pp. 438–445 (2010)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Peter Karpati
    • 1
  • Andreas L. Opdahl
    • 2
  • Guttorm Sindre
    • 1
  1. 1.Dept. of Computer and Information ScienceNorwegian University of Science and TechnologyTrondheimNorway
  2. 2.Dept. of Information Science and Media StudiesUniversity of BergenBergenNorway

Personalised recommendations