article

Eliciting security requirements with misuse cases

Authors:

Guttorm Sindre,

Andreas L. OpdahlAuthors Info & Claims

Requirements Engineering, Volume 10, Issue 1

Pages 34 - 44

https://doi.org/10.1007/s00766-004-0194-4

Published: 01 January 2005 Publication History

Abstract

Use cases have become increasingly common during requirements engineering, but they offer limited support for eliciting security threats and requirements. At the same time, the importance of security is growing with the rise of phenomena such as e-commerce and nomadic and geographically distributed work. This paper presents a systematic approach to eliciting security requirements based on use cases, with emphasis on description and method guidelines. The approach extends traditional use cases to also cover misuse, and is potentially useful for several other types of extra-functional requirements beyond security.

Cited By

View all

Wellßow AKohlisch-Posega JVeith EUslar M(2024)Threat Modeling for AI Analysis: Towards the Usage of Misuse Case Templates and UML Diagrams for AI Experiment Description and Trajectory GenerationProceedings of the 2024 13th International Conference on Informatics, Environment, Energy and Applications10.1145/3653912.3653915(7-16)Online publication date: 21-Feb-2024
https://dl.acm.org/doi/10.1145/3653912.3653915
Chimuco FSequeiros JSimōes TFreire MInácio P(2024)Expediting the design and development of secure cloud-based mobile appsInternational Journal of Information Security10.1007/s10207-024-00880-623:4(3043-3064)Online publication date: 1-Aug-2024
https://dl.acm.org/doi/10.1007/s10207-024-00880-6
Broccia Gter Beek MLluch Lafuente ASpoletini PFerrari A(2024)Assessing the Understandability and Acceptance of Attack-Defense Trees for Modelling Security RequirementsRequirements Engineering: Foundation for Software Quality10.1007/978-3-031-57327-9_3(39-56)Online publication date: 8-Apr-2024
https://dl.acm.org/doi/10.1007/978-3-031-57327-9_3
Show More Cited By

Index Terms

Eliciting security requirements with misuse cases
1. Security and privacy
  1. Security services
    1. Access control
  2. Systems security
    1. Information flow control
    2. Operating systems security
2. Software and its engineering
  1. Software creation and management
    1. Software development process management
      1. Software development methods
        Rapid application development

Recommendations

MOQARE: misuse-oriented quality requirements engineering

This work presents MOQARE (misuse-oriented quality requirements engineering), a method to explore quality requirements. The aim of MOQARE is to support intuitive and systematic identification of quality requirements. It was developed by integrating and ...
A Unified Model of Requirements Elicitation

Effective requirements elicitation is essential to the success of software development projects. Many papers have been written that promulgate specific elicitation methods. A few model elicitation in general. However, none have yet modeled elicitation ...
Requirements elicitation with business process modeling
PLoP '14: Proceedings of the 21st Conference on Pattern Languages of Programs

Requirements Elicitation is the area of Requirements Engineering that deals with identifying system requirements. The paper documents a pattern showing how to elicit functional requirements for a software product in the form of User Stories through ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

Requirements Engineering Volume 10, Issue 1

January 2005

84 pages

ISSN:0947-3602

Issue’s Table of Contents

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 01 January 2005

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

147
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 14 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Wellßow AKohlisch-Posega JVeith EUslar M(2024)Threat Modeling for AI Analysis: Towards the Usage of Misuse Case Templates and UML Diagrams for AI Experiment Description and Trajectory GenerationProceedings of the 2024 13th International Conference on Informatics, Environment, Energy and Applications10.1145/3653912.3653915(7-16)Online publication date: 21-Feb-2024
https://dl.acm.org/doi/10.1145/3653912.3653915
Chimuco FSequeiros JSimōes TFreire MInácio P(2024)Expediting the design and development of secure cloud-based mobile appsInternational Journal of Information Security10.1007/s10207-024-00880-623:4(3043-3064)Online publication date: 1-Aug-2024
https://dl.acm.org/doi/10.1007/s10207-024-00880-6
Broccia Gter Beek MLluch Lafuente ASpoletini PFerrari A(2024)Assessing the Understandability and Acceptance of Attack-Defense Trees for Modelling Security RequirementsRequirements Engineering: Foundation for Software Quality10.1007/978-3-031-57327-9_3(39-56)Online publication date: 8-Apr-2024
https://dl.acm.org/doi/10.1007/978-3-031-57327-9_3
Patnaik NDwyer AHallett JRashid A(2023)SLR: From Saltzer and Schroeder to 2021…47 Years of Research on the Development and Validation of Security API RecommendationsACM Transactions on Software Engineering and Methodology10.1145/356138332:3(1-31)Online publication date: 27-Apr-2023
https://dl.acm.org/doi/10.1145/3561383
Koscinski VHashemi SMirakhorli MGrundy JPollock LPenta M(2023)On-Demand Security Requirements Synthesis with Relational Generative Adversarial NetworksProceedings of the 45th International Conference on Software Engineering10.1109/ICSE48619.2023.00139(1609-1621)Online publication date: 14-May-2023
https://dl.acm.org/doi/10.1109/ICSE48619.2023.00139
Labunets KMassacci FPaci FTuma K(2023)A new, evidence-based, theory for knowledge reuse in security risk analysisEmpirical Software Engineering10.1007/s10664-023-10321-y28:4Online publication date: 25-May-2023
https://dl.acm.org/doi/10.1007/s10664-023-10321-y
Qurashi JSandhu SBhari P(2022)Benchmark for Investigating the Security in Software Development PhasesProceedings of the 4th International Conference on Information Management & Machine Intelligence10.1145/3590837.3590860(1-12)Online publication date: 23-Dec-2022
https://dl.acm.org/doi/10.1145/3590837.3590860
Jahn SKaul NMottok JBecker BQuille KLaakso MBarendsen ESimon (2022)Using or Misusing?Proceedings of the 27th ACM Conference on on Innovation and Technology in Computer Science Education Vol. 110.1145/3502718.3524823(491-497)Online publication date: 7-Jul-2022
https://dl.acm.org/doi/10.1145/3502718.3524823
Okubo TKaiya H(2022)Efficient secure DevOps using process mining and Attack Defense TreesProcedia Computer Science10.1016/j.procs.2022.09.079207:C(446-455)Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.1016/j.procs.2022.09.079
Ki-Aries DFaily SDogan HWilliams C(2022)Assessing system of systems information security risk with OASoSISComputers and Security10.1016/j.cose.2022.102690117:COnline publication date: 1-Jun-2022
https://dl.acm.org/doi/10.1016/j.cose.2022.102690
Show More Cited By

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

Cited By

Index Terms

Recommendations

MOQARE: misuse-oriented quality requirements engineering

A Unified Model of Requirements Elicitation

Requirements elicitation with business process modeling

Comments

Information

Published In

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Get Access

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations