Eliciting security requirements by misuse cases

  title={Eliciting security requirements by misuse cases},
  author={Guttorm Sindre and A. Opdahl},
  journal={Proceedings 37th International Conference on Technology of Object-Oriented Languages and Systems. TOOLS-Pacific 2000},
  • G. Sindre, A. Opdahl
  • Published 2000
  • Computer Science
  • Proceedings 37th International Conference on Technology of Object-Oriented Languages and Systems. TOOLS-Pacific 2000
Use case diagrams (L. Jacobson et al., 1992) have proven quite helpful in requirements engineering, both for eliciting requirements and getting a better overview of requirements already stated. However, not all kinds of requirements are equally well supported by use case diagrams. They are good for functional requirements, but poorer at e.g., security requirements, which often concentrate on what should not happen in the system. With the advent of e- and m-commerce applications, security… 

Figures from this paper

Eliciting security requirements with misuse cases
This paper presents a systematic approach to eliciting security requirements based on use cases, with emphasis on description and method guidelines, and is potentially useful for several other types of extra-functional requirements beyond security.
Templates for Misuse Case Description
This paper discusses security related misuse cases through a discussion of templates for their textual description and introduces the concept of misuse cases – inverted use cases to denote functions that should not be possible to perform in a system.
Capturing Security Requirements through Misuse Cases
This paper discusses a conceptual extension of use cases, namely ‘misuse cases’, describing actions that should not be possible in a system, and discusses templates for their textual description.
Misuse Cases and Abuse Cases in Eliciting Security Requirements
It is observed that misuse cases are able to model a wider range of mis-users and they also interact with use cases in interesting and helpful ways.
Requirements Elicitation Introduction
A number of elicitation methods are discussed and the kind of tradeoff analysis that can be done to select a suitable one and how the unique aspects of security requirements elicitation drive selection of a method are described.
Integrating functional and security requirements with use case decomposition
  • Joshua J. Pauli, Dianxiang Xu
  • Computer Science
    11th IEEE International Conference on Engineering of Complex Computer Systems (ICECCS'06)
  • 2006
A complete set of security-centric requirements can be specified from the project outset to guide subsequent software development phases by properly modeling shared and optional cases.
Core Security Requirements Artefacts
A framework of core security requirements artefacts is proposed, which unifies the concepts of the two disciplines of requirements engineering and security engineering, and shows how to specify the relationship between security requirements and the specification of software behaviour, using Jackson's Problem Frames approach.
Misuse Cases + Assets + Security Goals
A new extension of the misuse case diagram is proposed for analyzing and eliciting security requirements with special focus on assets and security goals and a process model in which business requirements and system requirements related to security features are separately analyzed and elicited in different phases is presented.
Security Requirements Elicitation Using View Points for Online System
  • A. Agarwal, D. Gupta
  • Computer Science
    2008 First International Conference on Emerging Trends in Engineering and Technology
  • 2008
This paper defines a process for security requirements elicitation presenting techniques for activities like requirements discovery, analysis, prioritization and management and shows how Architecture team can choose most appropriate mechanism to implement them.
GRACE TECHNICAL REPORTS Security Requirements Analysis and Validation with Misuse Cases and Institutional Modelling
It is shown how any state of the system can be verified with respect to the events that brought about that state, and how the same traces enable: identification of possible times and causes of security breaches and establishment of possible consequences of security violations.


Seven myths of formal methods
Seven widely held conceptions about formal methods are challenged and the bounds of formal methods, the central role of specifications in the development process, and education and training are addressed.
Getting Started: Using Use Cases to Capture Requirements
Deriving Goals h m a Use Case Based Requirements Specification for an Electronic Commerce System ”
  • Scenario Usage in System Development : A Report on Current Practice “ , IEEE Software
Guiding Goal Models Using Scenarios ”
  • IEEE Transactions on Software Engineering
  • 1996