@inproceedings{023a38884042498b86c73f2ef70562a3,
title = "Threat-driven architectural design of secure information systems",
abstract = "To deal with software security issues in the early stages of system development, this paper presents a threat-driven approach to the architectural design and analysis of secure information systems. In this approach, we model security threats to systems with misuse cases and mitigation requirements with mitigation use cases at the requirements analysis phase. Then we drive system architecture design (including the identification of architectural components and their connections) by use cases, misuse cases, and mitigation use cases. According to the misuse case-based threat model, we analyze whether or not a candidate architecture is resistant to the identified security threats and what constraints must be imposed on the choices of system implementation. This provides a smooth transition from requirements specification to high-level design and greatly improves the traceability of security concerns in high assurance information systems. We demonstrate our approach through a case study on a security-intensive payroll information system.",
keywords = "Misuse case, Security, Software architecture, Threat model, UML, Use case",
author = "Joshua Pauli and Dianxiang Xu",
year = "2005",
language = "English (US)",
isbn = "9728865198",
series = "ICEIS 2005 - Proceedings of the 7th International Conference on Enterprise Information Systems",
pages = "136--143",
booktitle = "ICEIS 2005 - Proceedings of the 7th International Conference on Enterprise Information Systems",
note = "7th International Conference on Enterprise Information Systems, ICEIS 2005 ; Conference date: 25-05-2005 Through 28-05-2005",
}