Introducing abuse frames to analyse security requirements

Lin, Luncheng; Nuseibeh, Bashar; Ince, Darrel; Jackson, Michael and Moffett, Jonathan (2003). Introducing abuse frames to analyse security requirements. In: Proceedings of the 11th International Conference on Requirements Engineering, 8-12 Sep 2003, Monterey, USA.

URL: http://csdl2.computer.org/comp/proceedings/re/2003...

Abstract

We are developing an approach using Jackson's
Problem Frames to analyse security problems in order to
determine security vulnerabilities. We introduce the
notion of an anti-requirement as the requirement of a
malicious user that can subvert an existing requirement.
We incorporate anti-requirements into so-called abuse
frames to represent the notion of a security threat
imposed by malicious users in a particular problem
context. We suggest how abuse frames can provide a
means for bounding the scope of security problems in
order to analyse security threats and derive security
requirements.

Viewing alternatives

Item Actions

Export

About

Recommendations