DocumentCode :
2089653
Title :
Introducing abuse frames for analysing security requirements
Author :
Lin, Luncheng ; Nuseibeh, Bashar ; Ince, Darrel ; Jackson, Michael ; Moffett, Jonathan
Author_Institution :
Dept. of Comput., Open Univ., Milton Keynes, UK
fYear :
2003
fDate :
8-12 Sept. 2003
Firstpage :
371
Lastpage :
372
Abstract :
We are developing an approach using Jackson´s Problem Frames to analyse security problems in order to determine security vulnerabilities. We introduce the notion of an anti-requirement as the requirement of a malicious user that can subvert an existing requirement. We incorporate anti-requirements into so-called abuse frames to represent the notion of a security threat imposed by malicious users in a particular problem context. We suggest how abuse frames can provide a means for bounding the scope of security problems in order to analyse security threats and derive security requirements.
Keywords :
computer crime; data privacy; formal specification; formal verification; security of data; systems analysis; Jackson Problem Frames; abuse frames; data privacy; malicious user; security vulnerability; system security requirement analysis; Automation; Computer science; Computer security; Design engineering; Engineering management; Information security; Internet; Mission critical systems; Protection; Systems engineering and theory;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Requirements Engineering Conference, 2003. Proceedings. 11th IEEE International
ISSN :
1090-705X
Print_ISBN :
0-7695-1980-6
Type :
conf
DOI :
10.1109/ICRE.2003.1232791
Filename :
1232791
Link To Document :
بازگشت