Eliciting security requirements with misuse cases

被引：389

作者：

Sindre, G ^{[1
]}

Opdahl, AL

机构：

[1] Norwegian Univ Sci & Technol, Dept Comp & Informat Sci, N-7034 Trondheim, Norway

[2] Univ Bergen, Dept Informat Sci & Media Studies, Bergen, Norway

来源：

REQUIREMENTS ENGINEERING | 2005年 / 10卷 / 01期

关键词：

security requirements; use cases; scenarios; extra-functional requirements; requirements elicitation; requirements determination; requirements specification; requirements analysis;

D O I：

10.1007/s00766-004-0194-4

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

Use cases have become increasingly common during requirements engineering, but they offer limited support for eliciting security threats and requirements. At the same time, the importance of security is growing with the rise of phenomena such as e-commerce and nomadic and geographically distributed work. This paper presents a systematic approach to eliciting security requirements based on use cases, with emphasis on description and method guidelines. The approach extends traditional use cases to also cover misuse, and is potentially useful for several other types of extra-functional requirements beyond security.

引用

页码：34 / 44

页数：11

共 53 条

[1] ABRAHAMSSON P, 2003, P 25 INT C SOFTW ENG
[2] ACHOURSALINESI CB, 1999, P 4 INT S REQ ENG RE
[3] Misuse cases: Use cases with hostile intent
Alexander, I
[J]. IEEE SOFTWARE, 2003, 20 (01) : 58 - +
[4] Alexander I. F., 2002, P 8 INT WORKSH REQ E
[5] Amoroso E.G., 1994, FUNDAMENTALS COMPUTE
[6] [Anonymous], 2000, USE CASES REQUIREMEN
[7] [Anonymous], FUTURE SOFTWARE ENG
[8] [Anonymous], SURVIVING SECURITY I
[9] [Anonymous], 1995, SYSTEMS REQUIREMENTS
[10] [Anonymous], 1997, REQUIREMENTS ENG PRO

← 1 2 3 4 5 6 →