Lin, Luncheng; Nuseibeh, Bashar; Ince, Darrel and Jackson, Michael
(2004). Using abuse frames to bound the scope of security problems.
In: 12th IEEE International Requirements Engineering Conference (RE'04).
IEEE Computer Society, pp. 354–355.
Security problems arise from the concern for
protecting assets from security threats. In a systems
development process, the security protection of a system
is specified by security requirements, identified from the
analysis of the threats to the system. However, as it is
often not possible to obtain a full system description until
late in the RE process, a security problem often has to be
described in the context of a bounded scope, that is, one
containing only the domains relevant to some part of the
functionality of the full system. By bounding the scope of a
security problem, it can be described more explicitly and
precisely, thereby facilitating the identification and
analysis of threats, which in turn drive the elicitation and
elaboration of security requirements. In this poster, we
elaborate on an approach we developed based on abuse
frames and suggest how it can provide a means for
structuring and bounding the scope of security problems.