Building Security Requirements Using State Transition Diagram at Security Threat Location

  • Conference paper
Computational Intelligence and Security (CIS 2005)

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 3802)

  • 979 Accesses

Abstract

Security requirements in the software life cycle have received some attention recently. However, it is not yet clear how to build security requirements. This paper describes and illustrates a process for building application-specific security requirements from state transition diagrams at the security threat location. Using security failure data, we identify security threat locations which attackers could use to exploit software vulnerabilities. A state transition diagram is then constructed and used to protect against, mitigate, and remove vulnerabilities relative to those security threat locations. In the software development process, security requirements are obtained from state transition diagrams relative to the security threat location.

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Seo, S.C., You, J.H., Kim, Y.D., Choi, J.Y., Lee, S.J., Kim, B.K. (2005). Building Security Requirements Using State Transition Diagram at Security Threat Location. In: Hao, Y., et al. Computational Intelligence and Security. CIS 2005. Lecture Notes in Computer Science, vol 3802. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11596981_66

  • DOI: https://doi.org/10.1007/11596981_66

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-30819-5

  • Online ISBN: 978-3-540-31598-8

  • eBook Packages: Computer Science, Computer Science (R0)
