CFP last date
22 April 2024
Reseach Article

Syntactic and Semantic Extensions of Malicious Activity Diagrams to Support ISSRM

by Othmar Othmar Mwambe
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 67 - Number 4
Year of Publication: 2013
Authors: Othmar Othmar Mwambe
10.5120/11386-6667

Othmar Othmar Mwambe . Syntactic and Semantic Extensions of Malicious Activity Diagrams to Support ISSRM. International Journal of Computer Applications. 67, 4 ( April 2013), 33-39. DOI=10.5120/11386-6667

@article{ 10.5120/11386-6667,
author = { Othmar Othmar Mwambe },
title = { Syntactic and Semantic Extensions of Malicious Activity Diagrams to Support ISSRM },
journal = { International Journal of Computer Applications },
issue_date = { April 2013 },
volume = { 67 },
number = { 4 },
month = { April },
year = { 2013 },
issn = { 0975-8887 },
pages = { 33-39 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume67/number4/11386-6667/ },
doi = { 10.5120/11386-6667 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T21:23:48.668635+05:30
%A Othmar Othmar Mwambe
%T Syntactic and Semantic Extensions of Malicious Activity Diagrams to Support ISSRM
%J International Journal of Computer Applications
%@ 0975-8887
%V 67
%N 4
%P 33-39
%D 2013
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Information security has played a great role in supporting security of organizational assets. Computes softwares / information systems developers have taken information security into great consideration particularly during systems/software development. There are several modelling languages that can be used to architect security features of information systems with respect to information system security management domain model(ISSRM). Malicious Activity Diagrams have been widely used by developers to model security features of various information systems as an extension of Unified Modeling Language(UML)[[2]]. However Malicious Activity Diagrams can not cover all the features of ISSRM[[11]]. Due to the limitations of Malicious Activity Diagrams,this study has proposed new additional featers that will enable Malicious Activity Diagrams to cover the remaining security concepts of ISSRM(such as security constraint of the static information/security criterion-figure 6).

References
  1. Sindre G. , "Mal-Activity Diagrams for Capturing Attacks on Business Processes". Inproceedings of the Working Conference on Requirements Engineering: Foundation forSoftware Quality, 2007.
  2. Andrey Naumenko and Alain Wegmann , "A Metamodel for the Unified Modeling Language",EPFL-IC-LAMS, CH-1015 Lausanne, Switzerland,2002.
  3. Raimundas Matulevi_cius, " Improving the Syntax and Semantics of Goal Modelling Languages", University of Namur, Belgium,2008.
  4. Mohammad Jabed Morshed Chowdhury,Dr. Raimundas Matulevi?ius,Prof. Guttorm Sindre,Dr. Peter Karpati,"Modeling Security Risks at the System Design Stage",Master's thesis,June, 2011.
  5. Nicolas Mayer,Eric Dubois,Raimundas Matulevicius,PatrickHeymans,"Towards a Measurement Framework for Security Risk Management ",CRP-Henri Tudor – CITI,PReCISE, University of Namur,rue Grandgagnage 21, B-5000 Namur, Belgium,2008.
  6. K. Hinkelmann, D. Karagiannis, R. Klein, N. Stojanovic (eds. ): "Semantic Business Processand Product Lifecycle Management". Proceedings of the Workshop SBPM 2007, CEUR Workshop Proceedings, ISSN 1613-0073, online CEUR-WS. org/Vol-251/, Innsbruck, April 7, 2007.
  7. Bresciani P. , Perini A. , Giorgini P. , Fausto G. and Mylopoulos J. , "TROPOS: an Agentoriented Software Development Methodology". Journal of Autonomous Agents and Multi-Agent Systems, Volume 25, pages 203–236, 2004.
  8. Lee S. W. , Gandhi R. , Muthurajan D. , Yavagal D. and Ahn G. J. , "Building problem domain ontology from security requirements in regulatory documents". In proceeding of the International Workshop on Software Engineering for Secure Systems, 2006.
  9. Mitnick Kevin. "The Art of Deception: Controlling the Human Element of Security". WileyPublishing, Inc. , Indianapolis, 2002.
  10. Axel van Lamsweerde,"Elaborating Security Requirements by Construction of Intentional Antimodels". In the proceedings of the 26th International Conference on Software Engineering, 2004.
  11. Dubois E. , Heymans P. , Mayer N. and Matulevi?ius R. , "A Systematic Approach to Define the Domain of Information System Security Risk Management". Book published fromSpringer-Verlag, ISBN: 978-3-642-12543-0,2010.
  12. Christopher Alberts,Audree Dorofee,James Stevens,Carol Woody , "Introduction to the OCTAVE® Approach",Hanscom AFB, MA 01731-2116,August 2003.
  13. Haley C. B. , Moffett J. D. , Laney R. and Nuseibeh B. , "A Framework for Security. Requirements Engineering". In Proceedings of the 28th International Conference on Software Engineering, pages 35-42. ACM Press, 2006.
  14. Nicolas Mayer, Patrick Heymans, Member,IEEE and Raimundas Matulevicius,"Design of a Modelling Language for Information System Security Risk Management",2007.
  15. SANS Institute , "An Introduction to Information System Risk Management",2007.
  16. Gary Stoneburner, Alice Goguen, and Alexis Feringa,"Risk Management Guide forInformation Technology Systems",NIST Special Publication 800-30,Natl. Inst. Stand. Technol. Spec. Publ. 800-30, 54 pages,July 2002.
  17. Steve Elky,"An Introduction to Information System RiskManagement",SANS Institute 2007,May 31, 2006.
Index Terms

Computer Science
Information Sciences

Keywords

Information security Activity diagrams Security requirements ISSRM Mal-Activity diagrams Software development lifecycle management