Skip to main content
SpringerLink
Log in
Book cover

International Working Conference on Requirements Engineering: Foundation for Software Quality

REFSQ 2012: Requirements Engineering: Foundation for Software Quality pp 132–139Cite as

Aligning Mal-activity Diagrams and Security Risk Management for Security Requirements Definitions

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 7195))

Abstract

[Context and motivation] Security engineering is one of the important concerns during system development. It should be addressed throughout the whole system development process. There are several languages for security modelling that help dealing with security risk management at the requirements stage. [Question/problem] In this paper, we are focusing on Mal-activity diagrams that are used from requirement engineering to system design stage. More specifically we investigate how this language supports information systems security risks management (ISSRM). [Principal ideas/results] The outcome of this work is an alignment table between the Mal-activity diagrams language constructs to the ISSRM domain model concepts. [Contribution] This result may help developers understand how to model security risks at the system requirement and design stages. Also, it paves the way for interoperability between the modelling languages that are analysed using the same conceptual framework, thus facilitating transformation between these modelling approaches.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Chowdhury, M.J.M.: Modeling Security Risks at the System Design Stage: Alignment of Mal-activity Diagrams and SecureUML to the ISSRM Domain Model. Master Theses (2011), http://nordsecmob.tkk.fi/thesis.html

  2. Dubois, E., Heymans, P., Mayer, N., Matulevičius, R.: A Systematic Approach to Define the Domain of Information System Security Risk Management. In: Nurcan, S., Salinesi, C., Souveyet, C., Ralytė, J. (eds.) International Perspectives on Information Systems Engineering, pp. 289–306. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  3. Matulevičius, R., Mayer, N., Heymans, P.: Alignment of Misuse cases with Security Risk Management. In: 3rd International Conference on Availability, Reliability and Security, pp. 1397–1404. IEEE Computer Society, Washington (2008)

    Chapter  Google Scholar 

  4. Matulevičius, R., Mayer, N., Mouratidis, H., Dubois, E., Heymans, P., Genon, N.: Adapting Secure Tropos for Security Risk Management in the Early Phases of Information Systems Development. In: Bellahsène, Z., Léonard, M. (eds.) CAiSE 2008. LNCS, vol. 5074, pp. 541–555. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  5. Mayer, N.: Model Based Management of Information System Security Risk. Doctoral Thesis, University of Namur (2009)

    Google Scholar 

  6. Sindre, G.: Mal-Activity Diagrams for Capturing Attacks on Business Processes. In: Sawyer, P., Paech, B., Heymans, P. (eds.) REFSQ 2007. LNCS, vol. 4542, pp. 355–366. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of Tartu, Estonia

    Mohammad Jabed Morshed Chowdhury & Raimundas Matulevičius

  2. Norwegian University of Science and Technology, Norway

    Mohammad Jabed Morshed Chowdhury, Guttorm Sindre & Peter Karpati

Authors
  1. Mohammad Jabed Morshed Chowdhury
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Raimundas Matulevičius
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Guttorm Sindre
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Peter Karpati
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science, Lund University, Box 118, SE-221 00, Lund, Sweden

    Björn Regnell

  2. Computer Engineering Department, University of Victoria, Victoria, BC, Canada

    Daniela Damian

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Chowdhury, M.J.M., Matulevičius, R., Sindre, G., Karpati, P. (2012). Aligning Mal-activity Diagrams and Security Risk Management for Security Requirements Definitions. In: Regnell, B., Damian, D. (eds) Requirements Engineering: Foundation for Software Quality. REFSQ 2012. Lecture Notes in Computer Science, vol 7195. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28714-5_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-28714-5_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-28713-8

  • Online ISBN: 978-3-642-28714-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation