the project. Therefore SQUARE does not rely on a pre-defined terminology that we could use.
3.3 State of the Art of Security-Oriented Modelling Languages
Many security modelling languages, or more often security extensions to existing languages, have been developed. Existing approaches based on UML have been enriched with security modelling capabilities. In Misuse Cases [51] and Abuse Cases [42], which are extensions of "Use Case" diagrams, the focus is on the elicitation of new threats and vulnerabilities that could be exploited by malicious actors. SecureUML [35] extends several UML diagrams; the approach focuses on authorisation constraints and its goal is to automatically generate complete access control infrastructures. UMLsec [28] is a UML profile that allows security-related information to be added to UML diagrams. Both SecureUML and UMLsec address security at the design level, and thus do not focus on business assets and high-level security requirements.
The KAOS goal-oriented framework addresses security concerns by treating attacks as anti-goals [29]. Anti-goals are the attacker's goals and generate obstacles to security goals. Extensions of the i* goal-oriented framework [57] also address security problems. For instance, Liu et al. [34] represent attacks as tasks with negative contributions to security softgoals. A formalisation of i* to deal with security issues is proposed in Secure-Tropos [17, 47]. It suggests, first, extending the concepts and the processes of i*/Tropos and, then, integrating techniques such as security reference diagrams and security attack scenarios. Recently, additional work [12] has been done on representing the notion of vulnerability in i*. Asnar et al. introduced the Tropos Goal-Risk Framework [2], which addresses RM at three different levels, combining asset, risk, and risk treatment views. However, the Tropos Goal-Risk framework does not focus on IS security, but supports the concept of risk in general, including, for instance, project management risk and financial risk.
Finally, Problem Frames extensions have also been proposed to handle security issues. Anti-requirements were introduced by Abuse Frames [33]. Abuse Frames are used to delimit the scope of a security problem and are thereby meant to facilitate the analysis of threats and vulnerabilities as well as the elicitation of security requirements. In future work, we plan to confront the concepts of these languages with the concepts of the ISSRM domain.
4 ISSRM Concept Alignment
4.1 Concepts to Consider
The first task of the concept alignment phase is to define the range of concepts to study. In [14], a comparison between the concepts used in various security RE