Eliciting security requirements with misuse cases

被引:0
|
作者
Guttorm Sindre
Andreas L. Opdahl
机构
[1] Norwegian University of Science and Technology (NTNU),Department of Computer and Information Science
[2] University of Bergen,Department of Information Science and Media Studies
来源
Requirements Engineering | 2005年 / 10卷
关键词
Security requirements; Use cases; Scenarios; Extra-functional requirements; Requirements elicitation; Requirements determination; Requirements specification; Requirements analysis;
D O I
暂无
中图分类号
学科分类号
摘要
Use cases have become increasingly common during requirements engineering, but they offer limited support for eliciting security threats and requirements. At the same time, the importance of security is growing with the rise of phenomena such as e-commerce and nomadic and geographically distributed work. This paper presents a systematic approach to eliciting security requirements based on use cases, with emphasis on description and method guidelines. The approach extends traditional use cases to also cover misuse, and is potentially useful for several other types of extra-functional requirements beyond security.
引用
收藏
页码:34 / 44
页数:10
相关论文
共 50 条
  • [41] Effective security requirements analysis: HAZOP and use cases
    Srivatanakul, T
    Clark, JA
    Polack, F
    INFORMATION SECURITY, PROCEEDINGS, 2004, 3225 : 416 - 427
  • [42] Eliciting gaps in requirements change
    Colette Rolland
    Camille Salinesi
    Anne Etien
    Requirements Engineering, 2004, 9 : 1 - 15
  • [43] Eliciting Operations Requirements for Applications
    Bass, Len
    Jeffery, Ross
    Wada, Hiroshi
    Weber, Ingo
    Zhu, Liming
    2013 1ST INTERNATIONAL WORKSHOP ON RELEASE ENGINEERING (RELENG), 2013, : 5 - 8
  • [44] A Unified Use-Misuse Case Model for Capturing and Analysing Safety and Security Requirements
    Arogundade, O. T.
    Akinwale, A. T.
    Jin, Z.
    Yang, X. G.
    INTERNATIONAL JOURNAL OF INFORMATION SECURITY AND PRIVACY, 2011, 5 (04) : 8 - 30
  • [45] A System for Managing Security Knowledge using Case Based Reasoning and Misuse Cases
    Visaggio, Corrado Aaron
    de Rosa, Francesca
    JOURNAL OF UNIVERSAL COMPUTER SCIENCE, 2009, 15 (15) : 3059 - 3078
  • [46] Eliciting requirements for a mammography training application
    Taylor, P. M.
    Hartswood, M.
    Blot, L.
    Anderson, S.
    Wilkinson, L.
    Anderson, E.
    Proctor, R.
    BREAST CANCER RESEARCH, 2008, 10 (Suppl 3)
  • [47] Using the common criteria to elicit security requirements with use cases
    Ware, Michael S.
    Bowles, John B.
    Eastman, Caroline M.
    PROCEEDINGS OF THE IEEE SOUTHEASTCON 2006, 2006, : 273 - 278
  • [48] FESR: A Framework for Eliciting Security Requirements based on Integration of Common Criteria and Weakness Detection Formal Model
    Li, Hongbo
    Li, Xiaohong
    Hao, Jianye
    Xu, Guangquan
    Feng, Zhiyong
    Xie, Xiaofei
    2017 IEEE INTERNATIONAL CONFERENCE ON SOFTWARE QUALITY, RELIABILITY AND SECURITY (QRS), 2017, : 352 - 363
  • [49] Eliciting requirements for a mammography training application
    PM Taylor
    M Hartswood
    L Blot
    S Anderson
    L Wilkinson
    E Anderson
    R Proctor
    Breast Cancer Research, 10
  • [50] A DESIGN TAXONOMY FOR ELICITING CUSTOMER REQUIREMENTS
    MORRIS, LJ
    STAUFFER, LA
    COMPUTERS & INDUSTRIAL ENGINEERING, 1994, 27 (1-4) : 557 - 560
12345