Foreign-language journal: Software and systems modeling

From misuse cases to mal-activity diagrams: bridging the gap between functional security analysis and design

Abstract

Secure software engineering is concerned with developing software systems that will continue delivering their intended functionality despite a multitude of harmful software technologies that can attack these systems from anywhere and at any time. Misuse cases and mal-activity diagrams are two techniques for modeling functional security requirements to address security concerns early in the development life cycle. This allows system designers to equip their systems with security mechanisms built within system design rather than relying on external defensive mechanisms. In a model-driven engineering process, misuse cases are expected to drive the construction of mal-activity diagrams. However, a systematic approach to transform misuse cases into mal-activity diagrams is missing. Therefore, this process remains dependent on human skill and judgment, which raises the risk of developing mal-activity diagrams that are inconsistent with the security requirements described in misuse cases, leading to the development of an insecure system. This paper presents an authoring structure for misuse cases and a transformation technique to systematically perform this desired model transformation. A study was conducted to evaluate the proposed technique using 46 attack stories outlined in a book by a former well-known hacker (Mitnick and Simon in The art of deception: controlling the human element of security, Wiley, Indianapolis, 2002). The results indicate that applying the proposed technique produces correct mal-activity diagrams from misuse cases.