Table 4. continued
Misuse Case: Alteration of information (MC1)
Postconditions:
1) The Grid system must not allow access to unauthorized users.
Misuse Case: Masquerade (MC4)
Attack: Attack on authorized user
Summary: The external attacker type pretends to be an authorized user of a system in order to gain access to it or to gain greater privileges than those it is authorized for.
Preconditions:
1) The external attacker has physical access to the system and the messages exchanged between the user and the Grid.
Interactions:
1. User Interactions: The journalist sends a request to the Grid to execute a certain task.
2. Misuser Interactions: The attacker intercepts the request and obtains the privilege information and authorization information of the user (credentials, roles, rights, etc.).
3. Misuser Interactions: The attacker sends requests to the Grid presenting the authorized credentials of a certain authorized user.
4. System Interactions: The Grid system receives these requests of the authorized attacker and executes the harmful actions.
Postconditions:
1) The Grid system must check the identity of the user who sends requests.
2) The Grid system must check the privileges and certificates presented by the user and the authenticity of the certificates.
Table 5. Security use cases for the case study
Security Use Case: Ensure Integrity (SUC1)
Use Case Path: System Message Integrity
Security Threat: A misuser corrupts a message from the system to a user.
Preconditions:
1) The misuser has the means to intercept a message from the system to a user.
2) The misuser has the means to modify an intercepted message.
3) The misuser has the means to forward the modified message to the user.
Interactions:
1. System Interactions: The system sends a message to a user.
   System Actions: The system ensures that modifications to the message will be obvious to the user.
2. Misuser Interactions: The misuser intercepts and modifies the system's message and forwards it to the user.
3. User Interactions: The user receives the corrupted message.
   System Actions: The system will recognize that the message was corrupted.
4. System Interactions: The system will notify the user that the message was corrupted.
Postconditions: None
continued on following page
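
The SUC1 path above, walked through in code as an added example that is not part of the original text. It assumes an HMAC-SHA256 tag over the message and a key shared between system and user (the page names no mechanism); all function names, the key and the sample message are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key. Assumption: system and user share it out of band.
KEY = b"constructed-demo-key"
CORRUPTED = "message was corrupted"


def _canon(body: dict) -> str:
    # Canonical serialization so sender and receiver tag identical bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":"))


def _tag(payload: str, key: bytes) -> str:
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()


def system_send(body: dict, key: bytes = KEY) -> bytes:
    """Interaction 1: send a message whose modification will be obvious."""
    payload = _canon(body)
    return json.dumps({"payload": payload, "tag": _tag(payload, key)}).encode()


def misuser_modify(wire: bytes) -> bytes:
    """Interaction 2: intercept, alter, forward. The misuser has no key,
    so the tag cannot be recomputed and is forwarded unchanged."""
    env = json.loads(wire)
    body = json.loads(env["payload"])
    body["status"] = "failed"
    env["payload"] = _canon(body)
    return json.dumps(env).encode()


def user_receive(wire: bytes, key: bytes = KEY) -> dict:
    """Interactions 3 and 4: recognize corruption and notify the user."""
    try:
        env = json.loads(wire)
        payload, tag = env["payload"], env["tag"]
        expected = _tag(payload, key).encode()
        valid = hmac.compare_digest(expected, tag.encode())
    except (ValueError, KeyError, TypeError, AttributeError):
        valid = False  # malformed envelopes are treated as corrupted too
    if not valid:
        return {"ok": False, "notice": CORRUPTED, "body": None}
    return {"ok": True, "notice": None, "body": json.loads(payload)}
```

A shared-key tag only covers SUC1; the certificate checks required by the MC4 postconditions would need signatures verified against a trusted issuer instead.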