Eliciting security requirements with misuse cases

被引:0
|
作者
Guttorm Sindre
Andreas L. Opdahl
机构
[1] Norwegian University of Science and Technology (NTNU),Department of Computer and Information Science
[2] University of Bergen,Department of Information Science and Media Studies
来源
Requirements Engineering | 2005年 / 10卷
关键词
Security requirements; Use cases; Scenarios; Extra-functional requirements; Requirements elicitation; Requirements determination; Requirements specification; Requirements analysis;
D O I
暂无
中图分类号
学科分类号
摘要
Use cases have become increasingly common during requirements engineering, but they offer limited support for eliciting security threats and requirements. At the same time, the importance of security is growing with the rise of phenomena such as e-commerce and nomadic and geographically distributed work. This paper presents a systematic approach to eliciting security requirements based on use cases, with emphasis on description and method guidelines. The approach extends traditional use cases to also cover misuse, and is potentially useful for several other types of extra-functional requirements beyond security.
引用
收藏
页码:34 / 44
页数:10
相关论文
共 50 条
  • [1] Eliciting security requirements with misuse cases
    Sindre, G
    Opdahl, AL
    REQUIREMENTS ENGINEERING, 2005, 10 (01) : 34 - 44
  • [2] Eliciting security requirements by misuse cases
    Sindre, G
    Opdahl, AL
    37TH INTERNATIONAL CONFERENCE ON TECHNOLOGY OF OBJECT-ORIENTED LANGUAGES AND SYSTEMS, PROCEEDINGS, 2000, : 120 - 143
  • [3] Eliciting security requirements through misuse activities
    Braz, Fabricio A.
    Ferriandez, Eduardo B.
    VanHilst, Michael
    DEXA 2008: 19TH INTERNATIONAL CONFERENCE ON DATABASE AND EXPERT SYSTEMS APPLICATIONS, PROCEEDINGS, 2008, : 328 - +
  • [4] Eliciting Usable Security Requirements with Misusability Cases
    Faily, Shamal
    Flechais, Ivan
    2011 19TH IEEE INTERNATIONAL REQUIREMENTS ENGINEERING CONFERENCE (RE), 2011, : 339 - 340
  • [5] Experiences in eliciting security requirements
    CERT, Software Engineering Institute
    不详
    CrossTalk, 2006, 12 (14-19):
  • [6] Eliciting Security Requirements - An Experience Report
    Trentinaglia, Roman
    Merschjohann, Sven
    Fockel, Markus
    Eikerling, Hendrik
    REQUIREMENTS ENGINEERING: FOUNDATION FOR SOFTWARE QUALITY, REFSQ 2023, 2023, 13975 : 351 - 365
  • [7] Modeling and Utilizing Security Knowledge for Eliciting Security Requirements
    Abe, Tatsuya
    Hayashi, Shinpei
    Saeki, Motoshi
    ADVANCES IN CONCEPTUAL MODELING, ER 2015 WORKSHOPS, 2015, 9382 : 236 - 247
  • [8] Defining security requirements through misuse actions
    Fernandez, Eduardo B.
    VanHilst, Michael
    Petrie, Maria M. Larrondo
    Huang, Shihong
    ADVANCED SOFTWARE ENGINEERING: EXPANDING THE FRONTIERS OF SOFTWARE TECHNOLOGY, 2006, 219 : 123 - +
  • [9] A Serious Game for Eliciting Social Engineering Security Requirements
    Beckers, Kristian
    Pape, Sebastian
    2016 IEEE 24TH INTERNATIONAL REQUIREMENTS ENGINEERING CONFERENCE (RE), 2016, : 16 - 25
  • [10] Eliciting Security Requirements for Business Processes of Legacy Systems
    Argyropoulos, Nikolaos
    Marquez Alcaniz, Luis
    Mouratidis, Haralambos
    Fish, Andrew
    Rosado, David G.
    Garcia-Rodriguez de Guzman, Ignacio
    Fernandez-Medina, Eduardo
    PRACTICE OF ENTERPRISE MODELING, POEM 2015, 2015, 235 : 91 - 107
12345