Eliciting security requirements with misuse cases

被引:392
作者
Sindre, G [1 ]
Opdahl, AL
机构
[1] Norwegian Univ Sci & Technol, Dept Comp & Informat Sci, N-7034 Trondheim, Norway
[2] Univ Bergen, Dept Informat Sci & Media Studies, Bergen, Norway
来源
REQUIREMENTS ENGINEERING | 2005年 / 10卷 / 01期
关键词
security requirements; use cases; scenarios; extra-functional requirements; requirements elicitation; requirements determination; requirements specification; requirements analysis;
D O I
10.1007/s00766-004-0194-4
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
Use cases have become increasingly common during requirements engineering, but they offer limited support for eliciting security threats and requirements. At the same time, the importance of security is growing with the rise of phenomena such as e-commerce and nomadic and geographically distributed work. This paper presents a systematic approach to eliciting security requirements based on use cases, with emphasis on description and method guidelines. The approach extends traditional use cases to also cover misuse, and is potentially useful for several other types of extra-functional requirements beyond security.
引用
收藏
页码:34 / 44
页数:11
相关论文
共 53 条
[1]  
ABRAHAMSSON P, 2003, P 25 INT C SOFTW ENG
[2]  
ACHOURSALINESI CB, 1999, P 4 INT S REQ ENG RE
[3]   Misuse cases: Use cases with hostile intent [J].
Alexander, I .
IEEE SOFTWARE, 2003, 20 (01) :58-+
[4]  
Alexander I. F., 2002, P 8 INT WORKSH REQ E
[5]  
Amoroso E.G., 1994, FUNDAMENTALS COMPUTE
[6]  
[Anonymous], 2000, USE CASES REQUIREMEN
[7]  
[Anonymous], FUTURE SOFTWARE ENG
[8]  
[Anonymous], SURVIVING SECURITY I
[9]  
[Anonymous], 1995, SYSTEMS REQUIREMENTS
[10]  
[Anonymous], 1997, REQUIREMENTS ENG PRO
123456