Step 2.4: Identify Security Use Cases and Misuse Cases: Once we have identified the threats and vulnerabilities for Grid environments and mobile computation, we can identify the security use cases and misuse cases. In these use cases, the threats, attacks and security identified in the previous step are expressed and represented, indicating the assets to protect, the security objectives to achieve and the security requirements that the system must fulfill, by means of our UML profile (Rosado, Fernández-Medina, López et al., 2011a; Rosado, Fernández-Medina et al., 2010b).
Step 2.5: Security Assessment: It is necessary to assess whether the threats are relevant according to the security level specified by the security objectives. Then, we have to estimate the security risks based on the relevant threats, their likelihood and their potential negative impacts; in other words, we have to estimate the impact (what may happen) and risk (what will probably happen) to which the assets in the system are exposed. We have to interpret the meaning of impact and risk.
carried out to achieve the overall development
goal of the Definition task.
As a result of this task, we will obtain the following artifacts: generic Grid use cases and secure Mobile Grid use cases. The roles which will take part in this task are: Client or Expert user, Use Case Specifier, Security Requirements Engineer, Security Analyst and Mobile Grid Specialist.
Regarding the techniques and practices for the realization of this task, we can find: meetings and interviews with those involved, security use cases and misuse cases, and cost/effort-benefit and risk analysis.
CASE STUDY
Our development process will be validated with a business application in the Media domain (see Figure 5), attempting to solve existing problems in this domain. The process will help us to build a Mobile Grid application, which will allow journalists and photographers (actors of the media domain) to make their work available to a trusted network of peers the same instant it is produced, either from desktop or mobile devices.
With the explosion of ultra portable photo/video capture media (i.e. based on mobile phones, PDAs or solid state camcorders) everyone can capture reasonably good quality audiovisual material while on the move. We want to build a system that will cater for the reporter who is on the move with lightweight equipment and wishes to capture and transmit news content. This user needs to safely and quickly upload the media to a secure server to make it easier for others to access, and to avoid situations where his device's battery dies or another malfunction destroys or makes his media unavailable.
In the media domain, both the distribution of content and the need for rapid access to this content are apparent. News is inherently distributed everywhere and its value falls geometrically with time. These two reasons make the need for
Therefore, the aim of this activity is to identify correctly defined security use cases and misuse cases in which all security requirements of our system are represented and identified.
We shall now provide a detailed description of this task that we have considered in our process using the SPEM 2.0 textual notation. We define the roles, steps, work products and guidance, which will be characterized according to the discipline that they belong to. According to SPEM, Task 2 is described by using the structure shown in Figure 4. Each task specifies WorkProductUse as both input and output respectively, the roles that perform or participate in this RoleUse task, and the collection of Steps defined for a Task Definition which represents all the work that should be