Introducing abuse frames to analyse security requirements

Lin, Luncheng; Nuseibeh, Bashar; Ince, Darrel; Jackson, Michael and Moffett, Jonathan (2003). Introducing abuse frames to analyse security requirements. In: Proceedings of the 11th International Conference on Requirements Engineering, 8-12 Sep 2003, Monterey, USA.

URL: http://csdl2.computer.org/comp/proceedings/re/2003...

Abstract

We are developing an approach using Jackson's
Problem Frames to analyse security problems in order to
determine security vulnerabilities. We introduce the
notion of an anti-requirement as the requirement of a
malicious user that can subvert an existing requirement.
We incorporate anti-requirements into so-called abuse
frames to represent the notion of a security threat
imposed by malicious users in a particular problem
context. We suggest how abuse frames can provide a
means for bounding the scope of security problems in
order to analyse security threats and derive security
requirements.

Viewing alternatives

No digital document available to download for this item

Item Actions

Export

About