
A Graphical Approach to Risk Identification, Motivated by Empirical Investigations

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 4199)

Abstract

We propose a graphical approach to identify, explain and document security threats and risk scenarios. Security risk analysis can be time-consuming and expensive, hence, it is of great importance that involved parties quickly understand the risk picture. Risk analysis methods often make use of brainstorming sessions to identify risks, threats and vulnerabilities. These sessions involve system users, developers and decision makers. They typically have completely different backgrounds and view the system from different perspectives. To facilitate communication and understanding among them, we have developed a graphical approach to document and explain the overall security risk picture. The development of the language and the guidelines for its use have been based on a combination of empirical investigations and experiences gathered from utilizing the approach in large-scale industrial field trials. The investigations involved both professionals and students, and each field trial was in the order of 250 person hours.




Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Hogganvik, I., Stølen, K. (2006). A Graphical Approach to Risk Identification, Motivated by Empirical Investigations. In: Nierstrasz, O., Whittle, J., Harel, D., Reggio, G. (eds) Model Driven Engineering Languages and Systems. MODELS 2006. Lecture Notes in Computer Science, vol 4199. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11880240_40


  • DOI: https://doi.org/10.1007/11880240_40

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-45772-5

  • Online ISBN: 978-3-540-45773-2

  • eBook Packages: Computer Science, Computer Science (R0)
