Using abuse case models for security requirements analysis

McDermott, John; Fox, Christopher J.

doi:10.1109/csac.1999.816013

Cited by 276 publications

(211 citation statements)

References 5 publications

Supporting

Mentioning

195

Contrasting

Unclassified

Order By: Relevance

“…The results are intended to be used as the basis for the specification of security requirements. Prominent methods and techniques (amongst others) are abuse cases [41], misuse cases [42], and attack trees [43]. Other frequently mentioned methods in the context of SRE are intended to improve the capabilities for modeling security requirements or security-specific information.…”

Section: Sre Methodsmentioning

confidence: 99%

Getting Grip on Security Requirements Elicitation by Structuring and Reusing Security Requirements Sources

Schmitt

Liggesmeyer

2015

CSIMQ

View full text Add to dashboard Cite

Abstract. This paper presents a model for structuring and reusing security requirements sources. The model serves as blueprint for the development of an organization-specific repository, which provides relevant security requirements sources, such as security information and knowledge sources and relevant compliance obligations, in a structured and reusable form. The resulting repository is intended to be used by development teams during the elicitation and analysis of security requirements with the goal to understand the security problem space, incorporate all relevant requirements sources, and to avoid unnecessary effort for identifying, understanding, and correlating applicable security requirements sources on a project-wise basis. We start with an overview and categorization of important security requirements sources, followed by the description of the generic model. To demonstrate the applicability and benefits of the model, the instantiation approach and details of the resulting repository of security requirements sources are presented.

show abstract

Section: Sre Methodsmentioning

confidence: 99%

Getting Grip on Security Requirements Elicitation by Structuring and Reusing Security Requirements Sources

Schmitt

Liggesmeyer

2015

CSIMQ

View full text Add to dashboard Cite

show abstract

“…An abuse case is defined as a specification of a type of complete interaction between a system and one or more actors, where the results of the interaction are harmful to the system, one of the actors, or one of the stakeholders of the system [6]. Also, Guttorm and Opdahl [32] define the concept of a misuse case, the inverse of a use case, which describes a function that the system should not allow.…”

Section: Related Workmentioning

confidence: 99%

“…McDermott and Fox adapt use cases [6] to capture and analyse security requirements, and they call the adaption an abuse case model [6]. An abuse case is defined as a specification of a type of complete interaction between a system and one or more actors, where the results of the interaction are harmful to the system, one of the actors, or one of the stakeholders of the system [6].…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Integrating Security and Systems Engineering: Towards the Modelling of Secure Information Systems

Mouratidis

Giorgini

Manson

2003

Notes on Numerical Fluid Mechanics and Multidisciplinary Design

View full text Add to dashboard Cite

Abstract. Security is a crucial issue for information systems. Traditionally, security is considered after the definition of the system. However, this approach often leads to problems, which translate into security vulnerabilities. From the viewpoint of the traditional security paradigm, it should be possible to eliminate such problems through better integration of security and systems engineering. This paper argues for the need to develop a methodology that considers security as an integral part of the whole system development process. The paper contributes to the current state of the art by proposing an approach that considers security concerns as an integral part of the entire system development process and by relating this approach with existing work. The different stages of the approach are described with the aid of a case study; a health and social care information system.

show abstract

“…Abuse frames share the same notation as the normal problem frames, but each domain is now associated with a different meaning. McDermott and Fox adapt use cases [44] to capture and analyze security requirements, and they call the adaption an abuse case model. An abuse case is an interaction between a system and one or more actors, where the results of the interaction are harmful to the system, or one of the stakeholders of the system.…”

Section: Security Requirements Engineering: a Surveymentioning

confidence: 99%

Security and Trust Requirements Engineering

Giorgini

Massacci

Zannone

2005

Foundations of Security Analysis and Design III

View full text Add to dashboard Cite

Abstract. Integrating security concerns throughout the whole software development process is one of today's challenges in software and requirements engineering research. A challenge that so far has proved difficult to meet. The major difficulty is that providing security does not only require to solve technical problems but also to reason on the organization as a whole. This makes the usage of traditional software engineering methologies difficult or unsatisfactory: most proposals focus on protection aspects of security and explicitly deal with low level protection mechanisms and only an handful of them show the ability of capturing the high-level organizational security requirements, without getting suddenly bogged down into security protocols or cryptography algorithms. In this paper we critically review the state of the art in security requirements engineering and discuss the motivations that led us to propose the Secure Tropos methodology, a formal framework for modelling and analyzing security, that enhances the agent-oriented software development methodology i*/Tropos. We illustrate the Secure Tropos approach, a comprehensive case study, and discuss some later refinements of the Secure Tropos methodology to address some of its shortcomings. Finally, we introduce the ST-Tool, a CASE tool that supports our methodology.

show abstract

Using abuse case models for security requirements analysis

Abstract: Abstract

Cited by 276 publications

References 5 publications

Getting Grip on Security Requirements Elicitation by Structuring and Reusing Security Requirements Sources

Getting Grip on Security Requirements Elicitation by Structuring and Reusing Security Requirements Sources

Integrating Security and Systems Engineering: Towards the Modelling of Secure Information Systems

Security and Trust Requirements Engineering

Contact Info

Product

Resources

About