TOWARDS A HACKER ATTACK REPRESENTATION METHOD

Peter Karpati; Guttorm Sindre; Andreas L. Opdahl

doi:10.5220/0003010000920101

TOWARDS A HACKER ATTACK REPRESENTATION METHOD

Peter Karpati, Guttorm Sindre, Andreas L. Opdahl

2010

Abstract

Security must be addressed at an early stage of information systems development, and one must learn from previous hacker attacks to avoid similar exploits in the future. Many security threats are hard to understand for stakeholders with a less technical background. To address this issue, we present a five-step method that represents hacker intrusions diagrammatically. It lifts specific intrusions to a more general level of modelling and distils them into threats that should be avoided by a new or modified IS design. It allows involving different stakeholder groups in the process, including non-technical people who prefer simple, informal representations. For this purpose, the method combines five different representation techniques that together provide an integrated view of security attacks and system architecture. The method is illustrated with a real intrusion from the literature, and its representation techniques are tied together as a set of extensions of the UML metamodel.

Download

Paper Citation

in Harvard Style

Karpati P., Sindre G. and Opdahl A. (2010). TOWARDS A HACKER ATTACK REPRESENTATION METHOD . In Proceedings of the 5th International Conference on Software and Data Technologies - Volume 2: ICSOFT, ISBN 978-989-8425-23-2, pages 92-101. DOI: 10.5220/0003010000920101

in Bibtex Style

@conference{icsoft10,
author={Peter Karpati and Guttorm Sindre and Andreas L. Opdahl},
title={TOWARDS A HACKER ATTACK REPRESENTATION METHOD},
booktitle={Proceedings of the 5th International Conference on Software and Data Technologies - Volume 2: ICSOFT,},
year={2010},
pages={92-101},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003010000920101},
isbn={978-989-8425-23-2},
}

in EndNote Style

TY - CONF
JO - Proceedings of the 5th International Conference on Software and Data Technologies - Volume 2: ICSOFT,
TI - TOWARDS A HACKER ATTACK REPRESENTATION METHOD
SN - 978-989-8425-23-2
AU - Karpati P.
AU - Sindre G.
AU - Opdahl A.
PY - 2010
SP - 92
EP - 101
DO - 10.5220/0003010000920101