doi: 10.17706/jsw.10.4.491-498
Abstract—Developing abuse cases help software engineers to think from the perspective of attackers, and therefore allow them to decide and document how the software should react to illegitimate use. This paper describes a method for developing abuse cases based on threat modeling and attack patterns. First potential threats are analyzed by following Microsoft’s threat modeling process. Based on the identified threats, initial abuse cases are generated. Attack pattern library is searched and attack patterns relevant to the abuse cases are retrieved. The information retrieved from the attack patterns are used to extend the initial abuse cases and suggest mitigation method. Such a method has the potential to assist software engineers without high expertise in computer security to develop meaningful and useful abuse cases, and therefore reduce the security vulnerabilities in the software systems they develop.
Index Terms—Abuse case, threat modeling, attack patterns, secure software development.
Cite: Xiaohong Yuan, Emmanuel Borkor Nuakoh, Imano Williams, Huiming Yu, "Developing Abuse Cases Based on Threat Modeling and Attack Patterns," Journal of Software vol. 10, no. 4, pp. 491-498, 2015.
General Information
ISSN: 1796-217X (Online)
Abbreviated Title: J. Softw.
Frequency: Quarterly
APC: 500USD
DOI: 10.17706/JSW
Editor-in-Chief: Prof. Antanas Verikas
Executive Editor: Ms. Cecilia Xie
Abstracting/ Indexing: DBLP, EBSCO,
CNKI, Google Scholar, ProQuest,
INSPEC(IET), ULRICH's Periodicals
Directory, WorldCat, etcE-mail: jsweditorialoffice@gmail.com
-
Oct 22, 2024 News!
Vol 19, No 3 has been published with online version [Click]
-
Jan 04, 2024 News!
JSW will adopt Article-by-Article Work Flow
-
Apr 01, 2024 News!
Vol 14, No 4- Vol 14, No 12 has been indexed by IET-(Inspec) [Click]
-
Apr 01, 2024 News!
Papers published in JSW Vol 18, No 1- Vol 18, No 6 have been indexed by DBLP [Click]
-
Jun 12, 2024 News!
Vol 19, No 2 has been published with online version [Click]