Visible to the public Nane: Identifying Misuse Cases Using Temporal Norm EnactmentsConflict Detection Enabled

TitleNane: Identifying Misuse Cases Using Temporal Norm Enactments
Publication TypeConference Paper
Year of Publication2016
AuthorsOzgur Kafali, Munindar P. Singh, Laurie Williams
Conference Name24th IEEE International Requirements Engineering Conference
Date PublishedTo Appear
Conference LocationBeijing, China
Keywordsdigital forensics, security requirements, temporal reasoning

Recent data breaches in domains such as healthcare, where confidentiality of data is crucial, indicate that misuse cases often originate from user errors rather than vulnerabilities in the technical (software or hardware) architecture. Current requirements engineering (RE) approaches determine what access control mechanisms are needed to protect sensitive resources. However, current RE approaches inadequately characterize how a user is expected to interact with others in relation to the relevant resources. Consequently, a requirements analyst cannot readily identify the vulnerabilities based on user interactions. We adopt social norms as a natural, formal means of characterizing user interactions wherein potential misuses map to norm violations. Our research goal is to help analysts identify misuse cases by systematically generating potential temporal enactments that violate formally stated social norms. We propose Nane: a formal framework for identifying misuse cases from norm enactments. We represent misuse cases formally, and propose a semiautomated process for identifying misuse cases based on norm enactments. We show that our process is sound and complete with respect to the stated norms. We discuss the expressiveness of our representation, and demonstrate how Nane enables monitoring of misuse cases via temporal reasoning.

Citation KeyRE-16:Nane
Refereed DesignationRefereed