A System for Managing Security Knowledge using Case Based Reasoning and Misuse Cases

Corrado Visaggio; Francesca De Rosa

doi:10.3217/jucs-015-15-3059

JUCS - Journal of Universal Computer Science 15(15): 3059-3078, doi: 10.3217/jucs-015-15-3059

A System for Managing Security Knowledge using Case Based Reasoning and Misuse Cases

Corrado Aaron Visaggio^‡, Francesca De Rosa^‡

‡ University of Sanni, Benevento, Italy

Corresponding author: Corrado Visaggio ( visaggio@unisannio.it )

This article is freely available under the J.UCS Open Content License.

Citation: Visaggio CA, De Rosa F (2009) A System for Managing Security Knowledge using Case Based Reasoning and Misuse Cases. JUCS - Journal of Universal Computer Science 15(15): 3059-3078. https://doi.org/10.3217/jucs-015-15-3059

Abstract

Making secure a software system is a very critical purpose, especially because it is very hard to consolidate an exhaustive body of knowledge about security risks and related countermeasures. To define a technological infrastructure for exploiting this knowledge poses many challenges. This paper introduces a system to capture, share and reuse software security knowledge within a Software Organization. The system collects knowledge in the form of misuse cases and makes use of Case Based Reasoning for implementing knowledge management processes.

Keywords

misuse case, case base reasoning, security knowledge management