Lin, Luncheng; Nuseibeh, Bashar; Ince, Darrel; Jackson, Michael and Moffett, Jonathan
Introducing abuse frames to analyse security requirements.
In: Proceedings of the 11th International Conference on Requirements Engineering, 8th-12th Sept 2003, Monterey, USA.
We are developing an approach using Jackson's
Problem Frames to analyse security problems in order to
determine security vulnerabilities. We introduce the
notion of an anti-requirement as the requirement of a
malicious user that can subvert an existing requirement.
We incorporate anti-requirements into so-called abuse
frames to represent the notion of a security threat
imposed by malicious users in a particular problem
context. We suggest how abuse frames can provide a
means for bounding the scope of security problems in
order to analyse security threats and derive security
Actions (login may be required)