Towards Security Risk-oriented Mal Activity Diagram

Author

  • Mohammad Jabed Morshed Chowdhury
Abstract

Recently, security has become one of the major concerns in Information System (IS) development. Different security modeling languages or security extensions are used to model the security features of an IS. The Mal Activity Diagram (MAD) is used at the design stage to represent security aspects, but it cannot model all the security risk management concepts. Without full coverage of these concepts, it is not possible to model an IS efficiently and correctly. In this paper, we first propose a meta model for MAD which will help developers or other stakeholders to understand and use MAD correctly. We then propose syntactic and semantic extensions of MAD to model all the risk management concepts. We have used this meta model and these extensions in a case study. The study shows that the meta model and extensions help us to correctly identify and model different security components of the system.


Similar resources

Mal-Activity Diagrams for Capturing Attacks on Business Processes

Security is becoming an increasingly important issue for IT systems, yet it is often dealt with as separate from mainstream systems and software development and in many cases neglected or addressed post-hoc, yielding costly and unsatisfactory solutions. One idea to improve the focus on security might be to include such concerns into mainstream diagram notations used in information systems analy...


A Comparison of Security Modelling Languages used for Security Risk Management

Nowadays, every company that has valuable assets has an urge to protect them. Unfortunately, it is impossible to act on every single security threat. To mitigate these threats, Security Modelling Languages were extended for use in Security Risk Management. However, choosing a suitable language can be a difficult decision, because it can be a problem to compare those languages and decide which one ...


Architecture and Data Flow Model for Consumer-Oriented Smart Meter Design

3 Conclusion 1. Smart metering projects are at risk of consumer rejection, and investment failure. 2. We have identified ways to reduce consumer’s privacy and choice concerns about data that is extracted and transmitted from a smart meter. 3. We have proposed a Smart Metering System Architecture and abstract data flow model that identifies security and privacy requirements to ensure consumer secur...


Extensions du diagramme d'activité pour contrôler l'accès au SI

The evolution of organisations and their information systems towards more openness raises the challenge of their security. The definition of an access control policy is a major activity in the design of an Information System. This paper proposes an approach for the specification of security policies, based on the RBAC model, at the workflow level. This approach propagates permissions defined on...


Decision Support for Choice of Security Solution

In security assessment and management there is no single correct solution to the identified security problems or challenges. Instead there are only choices and tradeoffs. The main reason for this is that modern information systems and security critical information systems in particular must perform at the contracted or expected security level, make effective use of available resources and meet end...




Publication date: 2012