• DocumentCode
    1801785
  • Title

    Misuse Cases + Assets + Security Goals

  • Author

    Okubo, Takao ; Taguchi, Kenji ; Yoshioka, Nobukazu

  • Author_Institution
    Secure Comput. Lab., Fujitsu Labs. Ltd., Atsugi, Japan
  • Volume
    3
  • fYear
    2009
  • fDate
    29-31 Aug. 2009
  • Firstpage
    424
  • Lastpage
    429
  • Abstract
    Security is now the most critical feature of any computing system. Eliciting and analyzing security requirements in the early stages of the system development process is highly recommended to reduce security vulnerabilities which might be found in the later stages of the system development process. In order to address this issue, we will propose a new extension of the misuse case diagram for analyzing and eliciting security requirements with special focus on assets and security goals. We will also present the process model in which business requirements and system requirements related to security features are separately analyzed and elicited in different phases. This process model helps us to analyze the requirements related to business goals in an earlier phase and to the system goals in a later phase so that any concerns related to them are dealt with separately. We will illustrate our approach with a case study taken from an accounting software package.
  • Keywords
    formal specification; formal verification; security of data; systems analysis; accounting software package; asset goal; misuse case diagram; requirements analysis; requirements elicitation; security goal; security vulnerability reduction; system development process; Computer aided software engineering; Costs; Informatics; Laboratories; National security; Proposals; Protection; Software packages; Unified modeling language; Security Requirements Analysis; misuse cases;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Computational Science and Engineering, 2009. CSE '09. International Conference on
  • Conference_Location
    Vancouver, BC
  • Print_ISBN
    978-1-4244-5334-4
  • Electronic_ISBN
    978-0-7695-3823-5
  • Type

    conf

  • DOI
    10.1109/CSE.2009.18
  • Filename
    5283205