RUP Extension For The Development of Secure Systems
net/publication/220135814
All content following this page was uploaded by Carlos Eduardo de Barros Paes on 21 July 2017.
Figure 5 presents the tasks proposed for this activity: asset identification, threat identification, and threat classification. The asset identification and threat identification tasks take the vision document as input. The vision document is created early in the RUP inception phase and defines the stakeholders' view of the product to be developed, specified in terms of key needs and features. The final results of these tasks are the threat document and attack tree work products. The following tasks are proposed for this activity:

• Asset Identification identifies what assets will be

• Threat Classification classifies the threats. The classification can be made, for example, using the Microsoft DREAD model (Damage Potential, Reproducibility, Exploitability, Affected users and Discoverability) [17]. This model helps to determine the actual impact of a security threat. This impact is measured in terms of threat risk. Assigning the risk is the last step of the threat classification. For example, the risk of a specific threat can be the product of the threat probability and the potential damage, which indicates the consequences to the system if an attack happens. A scale of 1-10 can be used for the probability, where 1 represents a threat with
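An added example (not from the paper) of the threat classification step: it ranks constructed threat entries by risk = probability × damage and uses the mean of the five DREAD ratings to break ties. The 1-10 damage scale, the DREAD averaging, the tie-break rule and the names `Threat`, `classify` and `SAMPLE` are assumptions.

```python
from dataclasses import dataclass

SCALE = range(1, 11)  # 1-10, the scale the text gives for probability


@dataclass(frozen=True)
class Threat:
    name: str
    probability: int  # 1-10, as in the text
    damage: int       # 1-10 is an assumption; the page gives no damage scale
    dread: tuple      # (Damage, Reproducibility, Exploitability, Affected users, Discoverability)

    def __post_init__(self):
        ratings = (self.probability, self.damage, *self.dread)
        if len(self.dread) != 5 or any(r not in SCALE for r in ratings):
            raise ValueError(f"{self.name}: every rating must be an integer from 1 to 10")

    @property
    def risk(self) -> int:
        # Risk as the text defines it: threat probability x potential damage.
        return self.probability * self.damage

    @property
    def dread_score(self) -> float:
        # Assumed convention: the mean of the five DREAD category ratings.
        return sum(self.dread) / 5


def classify(threats):
    """Return threats ordered from highest to lowest risk; DREAD score breaks ties."""
    return sorted(threats, key=lambda t: (t.risk, t.dread_score), reverse=True)


# Constructed sample entries for a threat document (not taken from the paper).
SAMPLE = [
    Threat("Tampering with a transfer message in transit", 4, 9, (9, 5, 4, 8, 5)),
    Threat("Credential guessing against the operator login", 6, 5, (6, 8, 7, 3, 9)),
    Threat("Replay of a captured transaction", 4, 9, (9, 7, 5, 8, 6)),
    Threat("Verbose error page discloses a stack trace", 8, 2, (2, 10, 9, 2, 10)),
]

if __name__ == "__main__":
    for rank, t in enumerate(classify(SAMPLE), start=1):
        print(f"{rank}. risk={t.risk:3d} dread={t.dread_score:.1f}  {t.name}")
```

The last sample entry shows why the product matters: a very likely threat with low damage still ranks below less likely, high-damage ones.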
[Figure: diagram with the labels Transaction Coordinator, TCA, TCB, Transaction Manager, TMA, TMB, Computer, Bank A, Bank B]