Eliciting security requirements with misuse cases
TLDR
We present a systematic approach to eliciting security requirements based on use cases, with emphasis on description and method guidelines.
  • 934
  • 67
Eliciting security requirements by misuse cases
TLDR
Use case diagrams (L. Jacobson et al., 1992) have proven quite helpful in requirements engineering, both for eliciting requirements and getting a better overview of requirements already stated.
  • 165
  • 16
Experimental comparison of attack trees and misuse cases for security threat identification
TLDR
A number of methods have been proposed or adapted to include security in the requirements analysis stage, but the industrial take-up has been limited and there are few empirical and comparative evaluations.
  • 130
  • 15
Templates for Misuse Case Description
TLDR
Use cases have proven helpful for eliciting, communicating and documenting requirements.
  • 184
  • 15
Defining quality aspects for conceptual models
TLDR
The notion of quality for information system models and other conceptual models is not well understood, and in most literature only lists of useful properties have been provided.
  • 168
  • 13
Mal-Activity Diagrams for Capturing Attacks on Business Processes
  • G. Sindre
  • Engineering, Computer Science
  • REFSQ
  • 11 June 2007
TLDR
In this paper we look into another type of technique that could complement misuse cases for early elicitation of security requirements, namely mal-activity diagrams.
  • 86
  • 11
An Analytical Evaluation of BPMN Using a Semiotic Quality Framework
TLDR
Evaluation of modelling languages is important both to be able to select the most suitable languages according to the needs, and to improve existing languages.
  • 81
  • 9
The REBOOT approach to software reuse
Although some companies have been successful in software reuse, many research projects on reuse have had little industrial penetration. Often the proposed technology has been too ambitious or exotic,
  • 102
  • 6
Capturing Security Requirements through Misuse Cases
TLDR
This paper discusses a conceptual extension of use cases, namely ‘misuse cases’, describing actions that should not be possible in a system.
  • 77
  • 6
Experimental Validation of the Learning Effect for a Pedagogical Game on Computer Fundamentals
TLDR
The question/answer-based computer game Age of Computers was introduced to replace traditional weekly paper exercises in a course in computer fundamentals in 2003.
  • 61
  • 5