The Open UniversitySkip to content

Using abuse frames to bound the scope of security problems

Lin, Luncheng; Nuseibeh, Bashar; Ince, Darrel and Jackson, Michael (2004). Using abuse frames to bound the scope of security problems. In: ed. 12th IEEE International Requirements Engineering Conference (RE'04). IEEE Computer Society, pp. 354–355.

Full text available as:
PDF (Not Set) - Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader
Download (82Kb)
DOI (Digital Object Identifier) Link:
Google Scholar: Look up in Google Scholar


Security problems arise from the concern for
protecting assets from security threats. In a systems
development process, the security protection of a system
is specified by security requirements, identified from the
analysis of the threats to the system. However, as it is
often not possible to obtain a full system description until
late in the RE process, a security problem often has to be
described in the context of a bounded scope, that is, one
containing only the domains relevant to some part of the
functionality of the full system. By binding the scope of a
security problem, it can be described more explicitly and
precisely, thereby facilitating the identification and
analysis of threats, which in turn drive the elicitation and
elaboration of security requirements. In this poster, we
elaborate on an approach we developed based on abuse
frames and suggest how it can provide a means for
structuring and bounding the scope security problems.

Item Type: Book Chapter
Copyright Holders: 2004 IEEE
Academic Unit/Department: Mathematics, Computing and Technology > Computing & Communications
Interdisciplinary Research Centre: Centre for Research in Computing (CRC)
Item ID: 3662
Depositing User: Michelle Bailey
Date Deposited: 29 Jun 2006
Last Modified: 05 May 2011 10:17
Share this page:


Scopus Citations

Actions (login may be required)

View Item
Report issue / request change

Policies | Disclaimer

© The Open University   + 44 (0)870 333 4340