Copy the page URI to the clipboard
Lin, Luncheng; Nuseibeh, Bashar; Ince, Darrel; Jackson, Michael and Moffett, Jonathan
(2003).
URL: http://csdl2.computer.org/comp/proceedings/re/2003...
Abstract
We are developing an approach using Jackson's
Problem Frames to analyse security problems in order to
determine security vulnerabilities. We introduce the
notion of an anti-requirement as the requirement of a
malicious user that can subvert an existing requirement.
We incorporate anti-requirements into so-called abuse
frames to represent the notion of a security threat
imposed by malicious users in a particular problem
context. We suggest how abuse frames can provide a
means for bounding the scope of security problems in
order to analyse security threats and derive security
requirements.