Introducing Abuse Frames for Analysing Security Requirements
نویسندگان
چکیده
We are developing an approach using Jackson's Problem Frames to analyse security problems in order to determine security vulnerabilities. We introduce the notion of an anti-requirement as the requirement of a malicious user that can subvert an existing requirement. We incorporate anti-requirements into so-called abuse frames to represent the notion of a security threat imposed by malicious users in a particular problem context. We suggest how abuse frames can provide a means for bounding the scope of security problems in order to analyse security threats and derive security requirements.
منابع مشابه
Analysing Security Threats and Vulnerabilities Using Abuse Frames
In this paper, we present an approach using problem frames to analyse security problems in order to determine security threats and vulnerabilities. We use problem frames to capture and bound the base system that is to be protected. We consider threats to this base problem frame from the point of view of the attacker. For each class of threats, their successful realisation is regarded as the ant...
متن کاملCapturing security requirements for software systems
Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements...
متن کاملA Unified Use-Misuse Case Model for Capturing and Analysing Safety and Security Requirements
This paper proposes an enhanced use-misuse case model that allows both safety and security requirements to be captured during requirements elicitation. The proposed model extends the concept of misuse case by incorporating vulnerable use case and abuse case notations and relations that allows understanding and modeling different attackers and abusers behaviors during early stage of system devel...
متن کاملBuilding Security In
usability, and, of course, security. An earlier contribution to this department stressed the importance of going beyond functional requirements. The authors introduced misuse or abuse cases as counterparts to use cases and explained that although use cases capture functional requirements, abuse cases describe how users can misuse a system with malicious intent, thereby identifying additional se...
متن کاملUsing Abuse Case Models for Security Requirements Analysis
The relationships between the work products of a security engineering process can be hard to understand, even for persons with a strong technical background but little knowledge of security engineering. Market forces are driving software practitioners who are not security specialists to develop software that requires security features. When these practitioners develop software solutions without...
متن کامل