Refining Use/Misuse/Mitigation Use Cases for Security Requirements

نویسنده

  • Joshua J. Pauli
چکیده

We investigate security at the same time as the functional requirements by refining and integrating use, misuse, and mitigation use cases. Security requirements rely on the interactions among normal system execution (use cases), attacks (misuse cases), and necessary security strategies (mitigation use cases), but previous approaches only use a high-level of abstraction. We use refinement to uncover details of each case and the relationships among them before integrating them. We identify and model “includes” and “extends” relationships within each refined case type, and use a condition-driven process that maintains these relationships as refinement continues. We then systematically identify and model “threatens” and “mitigates” relationships to integrate the cases at a detailed level.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Threat-Driven Architectural Design of Secure Information Systems

To deal with software security issues in the early stages of system development, this paper presents a threatdriven approach to the architectural design and analysis of secure information systems. In this approach, we model security threats to systems with misuse cases and mitigation requirements with mitigation use cases at the requirements analysis phase. Then we drive system architecture des...

متن کامل

Threat-Driven Design and Analysis of Secure Software Architectures

Computer software is a major source of security risks in information systems. To deal with software security issues in the early stages of software development, this paper presents a threatdriven approach to the architectural design and analysis of secure software. Based on the identification and mitigation of security threats as misuse use cases, we leverage use cases, misuse cases, and mitiga...

متن کامل

Security Use Cases

Although use cases are a popular modeling approach for engineering functional requirements, they are often misused when it comes to engineering security requirements because requirements engineers unnecessarily specify security architectural mechanisms instead of security requirements. After discussing the relationships between misuse cases, security use cases, and security mechanisms, this col...

متن کامل

Templates for Misuse Case Description

Use cases have proven helpful for eliciting, communicating and documenting requirements. But whereas functional requirements are well supported, use cases provide less support for working with extra-functional requirements, such as security requirements. With the advent of e-commerce applications, security and other extra-functional requirements are growing in importance. In an earlier paper, t...

متن کامل

Capturing Security Requirements through Misuse Cases

Use cases have become popular for eliciting, communicating and documenting requirements. They support functional requirements well, but provide less support for working with extra-functional requirements, such as security requirements. With the advent of eand m-commerce applications, such requirements are growing in importance. This paper discusses a conceptual extension of use cases, namely ‘m...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2014