Eliciting Security Requirements by Misuse Cases
نویسندگان
چکیده
Use case diagrams have proven quite helpful in requirements engineering, both for eliciting requirements and getting a better overview of requirements already stated. However, not all kinds of requirements are equally well supported by use case dagrams. They are good for functional requirements, but poorer at, e.g., securiq requirements, which ofren concentrate on what should not happen in the system. With the advent of eand m-commerce applications securiq requirements are growing in importance, also for quite simple applications where a short lead time is important. Thus, it would be interesting to look into the possibility for applying use cases on this arena. This paper suggests how this can be done, extending the diagrams with misuse cases. This new construct makes it possible to represent actions that the system shouldprevent together with those actions which it should support. Keywordc use cases, requirements, security
منابع مشابه
Misuse Cases and Abuse Cases in Eliciting Security Requirements
Misuse cases, the inverted version of a use case can be used to elicit security requirements. Abuse cases also are used in eliciting security requirements. Their notation appears to be similar. This paper presents a brief comparison between misuse cases and abuse cases. It is observed that misuse cases are able to model a wider range of mis-users and they also interact with use cases in interes...
متن کاملCapturing Security Requirements through Misuse Cases
Use cases have become popular for eliciting, communicating and documenting requirements. They support functional requirements well, but provide less support for working with extra-functional requirements, such as security requirements. With the advent of eand m-commerce applications, such requirements are growing in importance. This paper discusses a conceptual extension of use cases, namely ‘m...
متن کاملTemplates for Misuse Case Description
Use cases have proven helpful for eliciting, communicating and documenting requirements. But whereas functional requirements are well supported, use cases provide less support for working with extra-functional requirements, such as security requirements. With the advent of e-commerce applications, security and other extra-functional requirements are growing in importance. In an earlier paper, t...
متن کاملTowards an Ontological Approach to Information System Security and Safety Requirement Modeling and Reuse
Preview Buy now DOI: 10.1080/19393555.2011.652290 O. T. Arogundadea*, A. T. Akinwaleb, Z. Jinc & X. G. Y anga pages 137-149 Version of record first published: 14 May 2012 Article Views: 66 Alert me TOC email alert TOC RSS feed Citation email alert Citation RSS feed ABSTRACT Misuse cases are currently used to identify safety and security threats and subsequently capture safety and security requi...
متن کاملMisuse Cases: Use Cases with Hostile Intent
Eliciting security requirements Security requirements exist because people and the negative agents that they create (such as computer viruses) pose real threats to systems. Security differs from all other specification areas in that someone is deliberately threatening to break the system. Employing use and misuse cases to model and analyze scenarios in systems under design can improve security ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2000