Eliciting security requirements with misuse cases

Cited by: 0
Authors
Guttorm Sindre
Andreas L. Opdahl
Affiliations
[1] Norwegian University of Science and Technology (NTNU),Department of Computer and Information Science
[2] University of Bergen,Department of Information Science and Media Studies
Source
Requirements Engineering | 2005 / Vol. 10
Keywords
Security requirements; Use cases; Scenarios; Extra-functional requirements; Requirements elicitation; Requirements determination; Requirements specification; Requirements analysis;
DOI
Not available
CLC classification number
Subject classification number
Abstract
Use cases have become increasingly common during requirements engineering, but they offer limited support for eliciting security threats and requirements. At the same time, the importance of security is growing with the rise of phenomena such as e-commerce and nomadic and geographically distributed work. This paper presents a systematic approach to eliciting security requirements based on use cases, with emphasis on description and method guidelines. The approach extends traditional use cases to also cover misuse, and is potentially useful for several other types of extra-functional requirements beyond security.
Pages: 34 - 44
Page count: 10
Related papers
50 items in total
  • [31] Re-evaluation of PhishI game and its utilisation in eliciting security requirements
    Fatima, Rubia
    Yasin, Affan
    Liu, Lin
    Wang, Jianmin
    INTERNATIONAL JOURNAL OF INFORMATION AND COMPUTER SECURITY, 2024, 23 (03) : 294 - 321
  • [32] Combining misuse cases with attack trees and security activity models
    Tondel, Inger Anne
    Jensen, Jostein
    Rostad, Lillian
    FIFTH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY, AND SECURITY: ARES 2010, PROCEEDINGS, 2010, : 438 - 445
  • [33] MISUSE OF OCCUPATIONAL INFORMATION IN SOCIAL-SECURITY DISABILITY CASES
    BOSE, JL
    GRZESIK, TA
    GEIST, GO
    BRYANT, DR
    REHABILITATION COUNSELING BULLETIN, 1986, 30 (02) : 83 - 93
  • [34] Logic-based methodology to help security architects in eliciting high-level network security requirements
    Laborde, Romain
    Bulusu, Sravani Teja
    Wazan, Ahmad Samer
    Barrere, Francois
    Benzekri, Abdelmalek
    SAC '19: PROCEEDINGS OF THE 34TH ACM/SIGAPP SYMPOSIUM ON APPLIED COMPUTING, 2019, : 1610 - 1619
  • [35] A Top Down Approach for Eliciting Systems Security Requirements for a Notional Autonomous Space System
    Mailloux, Logan O.
    Span, Martin 'Trae'
    Mills, Robert F.
    Young, William Bill
    2019 13TH ANNUAL IEEE INTERNATIONAL SYSTEMS CONFERENCE (SYSCON), 2019,
  • [36] Eliciting security requirements and tracing them to design: an integration of Common Criteria, heuristics, and UMLsec
    Siv Hilde Houmb
    Shareeful Islam
    Eric Knauss
    Jan Jürjens
    Kurt Schneider
    Requirements Engineering, 2010, 15 : 63 - 93
  • [37] Constructing Security Cases Based on Formal Verification of Security Requirements in Alloy
    Zeroual, Marwa
    Hamid, Brahim
    Adedjouma, Morayo
    Jaskolka, Jason
    COMPUTER SAFETY, RELIABILITY, AND SECURITY, SAFECOMP 2023 WORKSHOPS, 2023, 14182 : 15 - 25
  • [38] Eliciting security requirements and tracing them to design: an integration of Common Criteria, heuristics, and UMLsec
    Houmb, Siv Hilde
    Islam, Shareeful
    Knauss, Eric
    Jurjens, Jan
    Schneider, Kurt
    REQUIREMENTS ENGINEERING, 2010, 15 (01) : 63 - 93
  • [39] Experimental comparison of attack trees and misuse cases for security threat identification
    Opdahl, Andreas L.
    Sindre, Guttorm
    INFORMATION AND SOFTWARE TECHNOLOGY, 2009, 51 (05) : 916 - 932
  • [40] Eliciting gaps in requirements change
    Rolland, C
    Salinesi, C
    Etien, A
    REQUIREMENTS ENGINEERING, 2004, 9 (01) : 1 - 15