Title :
Misuse Cases + Assets + Security Goals
Author :
Okubo, Takao ; Taguchi, Kenji ; Yoshioka, Nobukazu
Author_Institution :
Secure Comput. Lab., Fujitsu Labs. Ltd., Atsugi, Japan
Abstract :
Security is now the most critical feature of any computing systems. Eliciting and analyzing security requirements in the early stages of the system development process is highly recommended to reduce security vulnerabilities which might be found in the later stages of the system development process. In order to address this issue, we will propose a new extension of the misuse case diagram for analyzing and eliciting security requirements with special focus on assets and security goals. We will also present the process model in which business requirements and system requirements related to security features are separately analyzed and elicited in different phases. This process model helps us to analyze the requirements related to business goals in an earlier phase and to the system goals in a later phase so that any concerns related to them are dealt with separately. We will illustrate our approach with a case study taken from an accounting software package.
Keywords :
formal specification; formal verification; security of data; systems analysis; accounting software package; asset goal; misuse case diagram; requirements analysis; requirements elicitation; security goal; security vulnerability reduction; system development process; Computer aided software engineering; Costs; Informatics; Laboratories; National security; Proposals; Protection; Software packages; Unified modeling language; Security Requirements Analysis; misuse cases;
Conference_Titel :
Computational Science and Engineering, 2009. CSE '09. International Conference on
Conference_Location :
Vancouver, BC
Print_ISBN :
978-1-4244-5334-4
Electronic_ISBN :
978-0-7695-3823-5
DOI :
10.1109/CSE.2009.18
