Eliciting security requirements with misuse cases

Cited by: 0
Authors
Guttorm Sindre
Andreas L. Opdahl
Affiliations
[1] Norwegian University of Science and Technology (NTNU),Department of Computer and Information Science
[2] University of Bergen,Department of Information Science and Media Studies
Source
Requirements Engineering | 2005 / Vol. 10
Keywords
Security requirements; Use cases; Scenarios; Extra-functional requirements; Requirements elicitation; Requirements determination; Requirements specification; Requirements analysis;
DOI
Not available
Abstract
Use cases have become increasingly common during requirements engineering, but they offer limited support for eliciting security threats and requirements. At the same time, the importance of security is growing with the rise of phenomena such as e-commerce and nomadic and geographically distributed work. This paper presents a systematic approach to eliciting security requirements based on use cases, with emphasis on description and method guidelines. The approach extends traditional use cases to also cover misuse, and is potentially useful for several other types of extra-functional requirements beyond security.
Pages: 34 - 44
Page count: 10
Related papers
50 in total
  • [21] Alignment of misuse cases with security risk management
    Matulevicius, Raimundas
    Mayer, Nicolas
    Heymans, Patrick
    ARES 2008: PROCEEDINGS OF THE THIRD INTERNATIONAL CONFERENCE ON AVAILABILITY, SECURITY AND RELIABILITY, 2008, : 1397 - +
  • [22] Enhancing Misuse Cases With Risk Assessment for Safety Requirements
    Arogundade, Oluwasefunmi T.
    Misra, Sanjay
    Abayomi-Alli, Olusola O.
    Fernandez-Sanz, Luis
    IEEE ACCESS, 2020, 8 : 12001 - 12014
  • [23] A Semi-Automatic Approach for Eliciting Cloud Security and Privacy Requirements
    Argyropoulos, Nikolaos
    Shei, Shaun
    Kalloniatis, Christos
    Mouratidis, Haralambos
    Delaney, Aidan
    Fish, Andrew
    Gritzalis, Stefanos
    PROCEEDINGS OF THE 50TH ANNUAL HAWAII INTERNATIONAL CONFERENCE ON SYSTEM SCIENCES, 2017, : 4827 - 4836
  • [24] Towards ontological approach to eliciting risk-based security requirements
    Arogundade, Oluwasefunmi Tale
    Jin, Zhi
    Yang, Xiaoguang
    International Journal of Information and Computer Security, 2014, 6 (02) : 143 - 178
  • [26] Eliciting Security Requirements from the Business Processes Using Security Risk-Oriented Patterns
    Matulevicius, Raimundas
    Ahmed, Naved
    IT-INFORMATION TECHNOLOGY, 2013, 55 (06): 225 - 230
  • [27] Developing Precise Misuse Cases with Security Robustness Analysis
    El-Attar, Mohamed
    22ND INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING & KNOWLEDGE ENGINEERING (SEKE 2010), 2010, : 571 - 576
  • [28] Towards Security Risk-Oriented Misuse Cases
    Soomro, Inam
    Ahmed, Naved
    BUSINESS PROCESS MANAGEMENT WORKSHOPS (BPM), 2013, 132 : 689 - 700
  • [29] Misuse cases help to elicit non-functional requirements
    Alexander, Ian
    Computing and Control Engineering Journal, 2003, 14 (01): 40 - 45
  • [30] Misuse, Abuse, and Reuse: Economic utility functions for characterising security requirements
    Heitzenrater, Chad
    Simpson, Andrew
    PROCEEDINGS OF 2016 11TH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY AND SECURITY, (ARES 2016), 2016, : 572 - 581