Using Abuse Case Models for Security Requirements Analysis
Abstract
The relationships between the work products of a security engineering process can be hard to understand, even for persons with a strong technical background but little knowledge of security engineering. Market forces are driving software practitioners who are not security specialists to develop software that requires security features. When these practitioners develop software solutions without appropriate security-specific processes and models, they sometimes fail to produce effective solutions. We have adapted a proven object-oriented modeling technique, use cases, to capture and analyze security requirements in a simple way. We call the adaptation an abuse case model. Its relationship to other security engineering work products is relatively simple, from a
Similar resources
Measuring Software Security using MACOQR (Misuse and Abuse Case Oriented Quality Requirement) Metrics: Defensive Perspective
In the present age, software is exploited, and an understanding of the increasing extent of risk exposure as a result is rarely developed. Security should be incorporated right from the requirements phase so that the security is inbuilt and properly incorporated into the software in development. To establish the fact that a process is improving or not is a matter that seems impossible without obtaining...
A Unified Use-Misuse Case Model for Capturing and Analysing Safety and Security Requirements
This paper proposes an enhanced use-misuse case model that allows both safety and security requirements to be captured during requirements elicitation. The proposed model extends the concept of misuse case by incorporating vulnerable use case and abuse case notations and relations that allow understanding and modeling different attackers' and abusers' behaviors during early stage of system devel...
Mapping of McGraw Cycle to RUP Methodology for Secure Software Developing
Designing secure software is one of the major phases in developing robust software. The McGraw life cycle, as one of the well-known software security development approaches, implements different touch points as a collection of software security practices. Each touch point includes explicit instructions for applying security in terms of design, coding, measurement, and maintenance of softwar...
Misuse Cases and Abuse Cases in Eliciting Security Requirements
Misuse cases, the inverted version of a use case, can be used to elicit security requirements. Abuse cases also are used in eliciting security requirements. Their notation appears to be similar. This paper presents a brief comparison between misuse cases and abuse cases. It is observed that misuse cases are able to model a wider range of mis-users and they also interact with use cases in interes...
Misuse and Abuse Cases: Getting Past the Positive
trend, most systems for designing software also tend to describe positive features. Savvy software practitioners are beginning to think beyond features, touching on emergent properties of software systems such as reliability, security, and performance. This is mostly because experienced customers are beginning to demand secure and reliable software; but in many situations, it's still up to the...
Publication date: 1999