Spelling suggestions: "subject:"abuse cases"" "subject:"abuse bases""
1 |
Säkerhetsanalys av Android som plattform förföretagsapplikationer / A security analysis of Android as a platform for enterprise applicationsJinnegren, Per, Thorselius, Erik January 2011 (has links)
I rapporten undersöks säkerhetsaspekter för företagsapplikationer utvecklade till androidplattformen. Rapporten tar även upp Androids grunder och dess säkerhetsmodell. Syftet med rapporten var att undersöka Androids lämplighet för projekt som HOW Solutions har planerade. Under arbetet har en applikation för trådlös öppning av lås utvecklats. Resultatet var att många av de hot som upptäcktes var, för företag, i vissa fall är svåra att mitigera och att viss relevant funktionalitet saknas på plattformen. Trots det är slutsatsen att Android är en mogen plattform med ett gediget säkerhetsarbete och därför lämpar sig bra för företagsapplikationer.
|
2 |
Reviewing and Evaluating Techniques for Modeling and Analyzing Security RequirementsAbu-Sheikh, Khalil January 2007 (has links)
The software engineering community recognized the importance of addressing security requirements with other functional requirements from the beginning of the software development life cycle. Therefore, there are some techniques that have been developed to achieve this goal. Thus, we conducted a theoretical study that focuses on reviewing and evaluating some of the techniques that are used to model and analyze security requirements. Thus, the Abuse Cases, Misuse Cases, Data Sensitivity and Threat Analyses, Strategic Modeling, and Attack Trees techniques are investigated in detail to understand and highlight the similarities and differences between them. We found that using these techniques, in general, help requirements engineer to specify more detailed security requirements. Also, all of these techniques cover the concepts of security but in different levels. In addition, the existence of different techniques provides a variety of levels for modeling and analyzing security requirements. This helps requirements engineer to decide which technique to use in order to address security issues for the system under investigation. Finally, we found that using only one of these techniques will not be suitable enough to satisfy the security requirements of the system under investigation. Consequently, we consider that it would be beneficial to combine the Abuse Cases or Misuse Cases techniques with the Attack Trees technique or to combine the Strategic Modeling and Attack Trees techniques together in order to model and analyze security requirements of the system under investigation. The concentration on using the Attack Trees technique is due to the reusability of the produced attack trees, also this technique helps in covering a wide range of attacks, thus covering security concepts as well as security requirements in a proper way.
|
Page generated in 0.1183 seconds