Information Technology Reference
In-Depth Information
Table 4. Misuse Cases for the case study
Misuse Case
Alteration of information (MC1)
Atta
ck
Attack on the content of a message (integrity).
Summary
The external attacker type gains access to the message exchanged between the journalist and the Grid system, and
modifies the part of the message that contains the media information with the intention of changing its meaning
by modifying some aspects of the information like authors, dates, or secrecy information.
Preconditions
1)
The external attacker h
as physical access to the message.
2)
The external attacker has a clear knowledge of where the secrecy information is located within the message.
Inter
actions
1 User Interactions
The journalist sends a query message for obtaining media information
The external attacker intercepts it and identifies the part of the message to modify the media information and he/
she forwards it to the media Grid.
2 Misuser Interactions
The Media Grid receives the corrupted message and processes it incorrectly due to its altered semantic content.
That is, it establishes that the journalist wishes as new media information that media information which has been
modified by the attacker
3 System Interactions
Post
conditions
1)
The Media Grid will remain in a state of error with regard to the original intentions of the journalist.
2)
In the register of the system in which the media Grid was executed, the request received with an altered semantic content will be reflected.
Misuse Case
Disclosure of information (MC2)
Atta
ck
Attack on the confidentiality of a message from Grid system to user
The external attacker type gains access to the message exchanged between the journalist and the Grid system, and
reads a specific piece of information.
Summary
Preconditions
1)
The external attacker has physical access to the message.
Inter
actions
1 User Interactions
The journalist sends a query message for obtaining media information
The Grid system receives the query message and processes it. The Grid system returns the media information
related to the query to the journalist
2 System Interactions
The external attacker intercepts it and reads the part of the message that contains the media information and he/
she forwards it to the journalist
3 Misuser Interactions
4 User Interactions
The journalist wishes as new media information that media information which has been intercepted by the attacker.
Postconditions
1)
The Grid system will remain in a normal state and the journalist continues without realizing the interception of information by the attacker
Misuse Case
Unauthorized access (MC3)
Attack
Attack on the access rights and privileges to the Grid system.
Sum
mary
The external attacker type gains access to the Grid system.
Preconditions
1)
The external attacker h
as physical access to the system and access messages.
Interactions
1 Misuser Interactions The unauthorized user wants to login the system with the username/password or presenting a certificate.
2 System Interactions The Grid system receives the access request and it allows the access to the Grid.
3 Misuser Interactions The attacker sends queries to the Grid to obtain sensitive information or for storing harmful data for the system.
4 System Interactions
The Grid system receives the queries processes them and executes them.
continued on following page
Search WWH ::
Custom Search