Information Technology Reference
In-Depth Information
Figure 3. Task 2: Identifying secure Mobile Grid UC
generic Grid use cases that are common to many
Grid applications are identified of the repository
because will take part in the application analysis.
Secondly, assets that we wish to protect should be
identified; thirdly, the possible threats and attacks
to these assets should be defined and the risk as-
sociated with these threats should be studied. The
security use cases and misuse cases should then
be defined, thus obtaining certain elements of the
reusable repository such as the misuse cases for
the system and the security use cases that miti-
gate them. Finally, a security assessment should
be carried out. Some of the security use cases
and misuse cases identified for the application
are therefore stored in the repository and can be
reused for this specific application since they are
part of the secure Mobile Grid UC output artifact.
During this task, it is possible to discover new
use cases which are suitable for incorporation into
the repository, or we may wish to modify or update
existing use cases in the repository. The repository
is an input and output artifact from which we can
obtain different elements and add or create new
ones. Also, we have to consider possible conflicts
between Grid use cases, security use cases and
misuse cases and solve them in this iteration.
A set of steps will serve as a guide for defining
and specifying security requirements for mobile
grid systems. Figure 3 shows the steps of this task
using SPEM 2.0 diagrams.
•
Step 2.1. Identify generic Grid UC
: Once
we have defined the use cases of the appli-
cation in the task 1, we have to identify
which are the generic Grid use cases that
are related to the use cases of the applica-
tion. To define the Grid use cases we will
use the GridUCSec-profile defined as a
model of the process (Rosado, Fernández-
Medina, López et al., 2011a; Rosado,
Fernández-Medina et al., 2010b) and using
the repository where a large set of Grid use
cases are defined.
•
Step 2.2: Identify Security Assets
: The se-
curity assets for a grid with mobile devices
depend on the characteristics and type of
system to be built. The CPU-intensive ap-
plications will consider resources as main
assets while data-intensive applications
will consider data as main assets to protect.
•
Step 2.3: Identify Threats, Attacks and
Risks.
The threats analysis is the process of
identifying, as many risks that can affect
the assets as possible. A well-done threat
analysis performed by experienced people
would likely identify most known risks,
providing a level of confidence in the sys-
tem that will allow the business to proceed.
In previous section the most important
threats and attacks for these environments
have been defined.
Search WWH ::
Custom Search