Eliciting security requirements with misuse cases

  title={Eliciting security requirements with misuse cases},
  author={G. Sindre and A. Opdahl},
  journal={Requirements Engineering},
  • G. Sindre, A. Opdahl
  • Published 2004
  • Computer Science
  • Requirements Engineering
  • Use cases have become increasingly common during requirements engineering, but they offer limited support for eliciting security threats and requirements. At the same time, the importance of security is growing with the rise of phenomena such as e-commerce and nomadic and geographically distributed work. This paper presents a systematic approach to eliciting security requirements based on use cases, with emphasis on description and method guidelines. The approach extends traditional use cases… CONTINUE READING
    934 Citations

    Figures, Tables, and Topics from this paper

    Explore Further: Topics Discussed in This Paper

    Misuse Cases and Abuse Cases in Eliciting Security Requirements
    • 5
    • PDF
    Modelling misuse cases as a means of capturing security requirements
    • 6
    • PDF
    An Anti-pattern for Misuse Cases
    • PDF
    Eliciting usable security requirements with misusability cases
    • 5
    • PDF
    Using the Common Criteria to Elicit Security Requirements with Use Cases
    • 37
    • Highly Influenced
    • PDF
    Security Requirements Elicitation via Weaving Scenarios Based on Security Evaluation Criteria
    • H. Itoga, A. Ohnishi
    • Computer Science
    • Seventh International Conference on Quality Software (QSIC 2007)
    • 2007
    • 2


    Security Use Cases
    • 236
    • Highly Influential
    • PDF
    Templates for Misuse Case Description
    • 184
    Eliciting security requirements by misuse cases
    • G. Sindre, A. Opdahl
    • Computer Science
    • Proceedings 37th International Conference on Technology of Object-Oriented Languages and Systems. TOOLS-Pacific 2000
    • 2000
    • 165
    • PDF
    Using abuse case models for security requirements analysis
    • J. McDermott, C. Fox
    • Computer Science
    • Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99)
    • 1999
    • 484
    • Highly Influential
    • PDF
    Generalization/specialization as a structuring mechanism for misuse cases
    • 36
    Abuse-case-based assurance arguments
    • J. McDermott
    • Computer Science
    • Seventeenth Annual Computer Security Applications Conference
    • 2001
    • 75
    • Highly Influential
    Security requirements engineering: when anti-requirements hit the fan
    • 118
    • PDF
    Deriving Goals from a Use-Case Based Requirements Specification
    • 121
    • PDF
    Strategies for Developing Policies and Requirements for Secure Electronic Commerce Systems
    • 85
    • PDF