You are here: UCM Web>UCMVirtualLibrary>VirLibPoEM2010 (20 Jun 2011)

Abstract

Various techniques have been proposed to model attacks on systems. In order to understand such attacks and thereby propose efficient mitigations, the sequence of steps in the attack should be analysed thoroughly. However, there is a lack of techniques to represent intrusion scenarios across a system architecture. This paper proposes a new technique called misuse sequence diagrams (MUSD). MUSD represents the sequence of attacker interactions with system components and how they were misused over time by exploiting their vulnerabilities. The paper investigates MUSD in a controlled experiment with 42 students, comparing it with a similar technique called misuse case maps (MUCM). The results suggest that the two mostly perform equally well and they are complementary regarding architectural issues and temporal sequences of actions though MUSD was perceived more favourably.

-- Daniel Amyot - 20 Jun 2011

Discussion

Form For Virtual Library edit

Title Comparing Two Techniques for Intrusion Visualization
Authors V. Katta, P. Kárpáti, A.L. Opdahl, C. Raspotnig, G. Sindre
Type Conference
Conference/Journal Title The Practice of Enterprise Modeling (Po EM? 2010)
Volume/Number LNBIP 68
Editors P. van Bommel, S. Hoppenbrouwers, S. Overbeek, E. Proper. and J. Barjis
Publisher Springer
Month November
Year 2010
Pages 1-15
DOI 10.1007/978-3-642-16782-9_1
Keywords Requirements engineering, Security, Experiment, Threat modeling, Misuse Case Maps, Misuse Sequence Diagrams
Topic revision: r1 - 20 Jun 2011 - 08:32:13 - Daniel Amyot
 
This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding Foswiki? Send feedback