Title :
Introducing abuse frames for analysing security requirements
Author :
Lin, Luncheng ; Nuseibeh, Bashar ; Ince, Darrel ; Jackson, Michael ; Moffett, Jonathan
Author_Institution :
Dept. of Comput., Open Univ., Milton Keynes, UK
Abstract :
We are developing an approach using Jackson´s Problem Frames to analyse security problems in order to determine security vulnerabilities. We introduce the notion of an anti-requirement as the requirement of a malicious user that can subvert an existing requirement. We incorporate anti-requirements into so-called abuse frames to represent the notion of a security threat imposed by malicious users in a particular problem context. We suggest how abuse frames can provide a means for bounding the scope of security problems in order to analyse security threats and derive security requirements.
Keywords :
computer crime; data privacy; formal specification; formal verification; security of data; systems analysis; Jackson Problem Frames; abuse frames; data privacy; malicious user; security vulnerability; system security requirement analysis; Automation; Computer science; Computer security; Design engineering; Engineering management; Information security; Internet; Mission critical systems; Protection; Systems engineering and theory;
Conference_Titel :
Requirements Engineering Conference, 2003. Proceedings. 11th IEEE International
Print_ISBN :
0-7695-1980-6
DOI :
10.1109/ICRE.2003.1232791