Title :
Eliciting security requirements by misuse cases
Author :
Sindre, Guttorm ; Opdahl, Andreas L.
Author_Institution :
Dept. of Comput. & Inf. Sci., Norwegian Univ. of Sci. & Technol., Norway
Abstract :
Use case diagrams (L. Jacobson et al., 1992) have proven quite helpful in requirements engineering, both for eliciting requirements and getting a better overview of requirements already stated. However, not all kinds of requirements are equally well supported by use case diagrams. They are good for functional requirements, but poorer at e.g., security requirements, which often concentrate on what should not happen in the system. With the advent of e- and m-commerce applications, security requirements are growing in importance, also for quite simple applications where a short lead time is important. Thus, it would be interesting to look into the possibility for applying use cases on this arena. The paper suggests how this can be done, extending the diagrams with misuse cases. This new construct makes it possible to represent actions that the system should prevent, together with those actions which it should support
Keywords :
diagrams; formal specification; object-oriented programming; security of data; systems analysis; e-commerce; functional requirement; m-commerce; misuse cases; requirements engineering; security requirements; security requirements elicitation; short lead time; use case application; use case diagrams; Computer aided software engineering; Computer crime; Data security; Information science; Information security; Programming; Protection; Resists; User centered design; User interfaces;
Conference_Titel :
Technology of Object-Oriented Languages and Systems, 2000. TOOLS-Pacific 2000. Proceedings. 37th International Conference on
Conference_Location :
Sydney, NSW
Print_ISBN :
0-7695-0918-5
DOI :
10.1109/TOOLS.2000.891363
