CFP last date
20 January 2025
Reseach Article

Towards Security Risk-oriented Mal Activity Diagram

by Mohammad Jabed Morshed Chowdhury
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 56 - Number 10
Year of Publication: 2012
Authors: Mohammad Jabed Morshed Chowdhury
10.5120/8931-3010

Mohammad Jabed Morshed Chowdhury . Towards Security Risk-oriented Mal Activity Diagram. International Journal of Computer Applications. 56, 10 ( October 2012), 47-52. DOI=10.5120/8931-3010

@article{ 10.5120/8931-3010,
author = { Mohammad Jabed Morshed Chowdhury },
title = { Towards Security Risk-oriented Mal Activity Diagram },
journal = { International Journal of Computer Applications },
issue_date = { October 2012 },
volume = { 56 },
number = { 10 },
month = { October },
year = { 2012 },
issn = { 0975-8887 },
pages = { 47-52 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume56/number10/8931-3010/ },
doi = { 10.5120/8931-3010 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T20:58:31.621547+05:30
%A Mohammad Jabed Morshed Chowdhury
%T Towards Security Risk-oriented Mal Activity Diagram
%J International Journal of Computer Applications
%@ 0975-8887
%V 56
%N 10
%P 47-52
%D 2012
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Recently security has became one of the major concern in Information System (IS) development. Different security modeling language or security extension is used to model security features of IS. Mal Activity Diagram (MAD) is used at the design stage to represent security aspect. But it cannot model all the security risk management concepts. Without full coverage of concepts, it is not possible to model an IS efficiently and correctly. In this paper, first we propose a meta model for MAD which will help developers or other stakeholders to understand and use MAD correctly. Then we propose syntactic and semantic extensions of MAD to model all the risk management concepts. We have used this meta model and extension in a case study. This study shows that the meta model and extensions help us to correctly identify and model different security components of the system.

References
  1. Asnar, Y. , Moretti, R. , Sebastianis, M. , and Zannone, N. 2008. Risk as Dependability Metrics for the Evaluation of Business Solutions: A Model-driven Approach. In: proceedings of the 3rd International Conference on Availability, Reliability and Security.
  2. Braber, F. D. , Hogganvik, I. , Lund, M. S. , Stølen, K. , and Vraalsen, F. 2007. Model-based security analysis in seven steps—a guided tour to the CORAS method. BT Technology Journal, Volume 25 Issue 1, pages 101–117.
  3. Chowdhury M. J. M. 2011. Modeling Security Risks at the System Design Stage: Alignment of Mal-activity Diagrams and SecureUML to the ISSRM Domain Model, Master These, http://nordsecmob. tkk. fi/thesis. html
  4. Dubois, E. , Heymans, P. , Mayer, N. , and Matulevi?ius, R. 2010. A Systematic Approach to Define the Domain of Information System Security Risk Management. Springer-Verlag.
  5. Firesmith, D. G. 2007. Engineering Safety and Security Related Requirements for Software Intensive Systems. In: Companion to the proceedings of the 29th International Conference on Software Engineering (COMPANION '07), p. 169, IEEE Computer Society.
  6. Haley, C. B. , Laney, R. C. , Moffett, J. D. , and Nuseibeh, B. 2008. Security Requirements Engineering: A Framework for Representation and Analysis. IEEE Transactions on Software Engineering, 34: 133-153.
  7. Lee, S. W. , Gandhi, R. A. , and Wagle, S. 2007. Towards a Requirements-driven Workbench for Supporting Software Certification and Accreditation. In: proceeding of the 3rd International Workshop on Software Engineering for Secure Systems.
  8. Matulevi?ius, R. , Mayer, N. , and Heymans, P. 2008. Alignment of Misuse cases with Security Risk Management. In: proceedings of the 3rd International Conference on Availability, Reliability and Security.
  9. Matulevi?ius, R. , Mayer, N. , Mouratidis. H. , Dubois, E. , Heymans, P. , and Genon, N. 2008. Adapting Secure Tropos for Security Risk Management in the Early Phases of Information Systems Development. In: Proceeding CAiSE '08 Proceedings of the 20th international conference on Advanced Information Systems Engineering.
  10. Mayer, N. 2009. Model Based Management of Information System Security Risk. Doctoral Thesis in Computer Science, University of Namur, Belgium.
  11. Mead, N. R. , Hough, E. D. , and Stehney, T. R. II. 2005. Security Quality Requirements Engineering (SQUARE) Methodology. Technical Report CMU/SEI-2005-TR-009, Carnegie Mellon University, Software Engineering Institute, Pittsburgh, Pennsylvania.
  12. Mellado, D. , Blanco, C. , Sánchez, E. L. , Eduardo, and Medina, F. 2010. A systematic review of security requirements engineering. Journal of Computer Standards and Interfaces, 32 (4), 153-165.
  13. Object Management Group (OMG). 2004. Unified Modelling Language: Superstructure. Technical report, version 2. 0.
  14. Rodríguez, A. , Medina, E. F. , Trujillo, J. , and Piattini, M. 2001. Secure business process model specification through a UML 2. 0 activity diagram profile. UML'01, Springer Verlag, 76-90.
  15. Sindre, G. 2007. Mal-Activity Diagrams for Capturing Attacks on Business Processes. In: proceedings of the Working Conference on Requirements Engineering: Foundation for Software Quality.
  16. Viega, J. , and McGraw, G. 2002. Building Secure Software: How to Avoid Security Problems in the Right Way. Addison Wesley.
Index Terms

Computer Science
Information Sciences

Keywords

Requirement engineering Risk management Mal activity diagrams Security modeling