Title :
Using abuse case models for security requirements analysis
Author :
McDermott, John ; Fox, Chris
Author_Institution :
Dept. of Comput. Sci., James Madison Univ., Harrisonburg, VA, USA
Abstract :
The relationships between the work products of a security engineering process can be hard to understand, even for persons with a strong technical background but little knowledge of security engineering. Market forces are driving software practitioners who are not security specialists to develop software that requires security features. When these practitioners develop software solutions without appropriate security-specific processes and models, they sometimes fail to produce effective solutions. We have adapted a proven object oriented modeling technique, use cases, to capture and analyze security requirements in a simple way. We call the adaptation an abuse case model. Its relationship to other security engineering work products is relatively simple, from a user perspective
Keywords :
human factors; object-oriented methods; security of data; user interfaces; abuse case models; market forces; object oriented modeling technique; security engineering process; security engineering work products; security features; security requirements analysis; security-specific processes; software practitioners; software solutions; use cases; user perspective; Computer aided software engineering; Computer science; Computer security; Displays; File systems; Information security; Knowledge engineering; Mathematical model; Object oriented modeling; Telephony;
Conference_Titel :
Computer Security Applications Conference, 1999. (ACSAC '99) Proceedings. 15th Annual
Conference_Location :
Phoenix, AZ
Print_ISBN :
0-7695-0346-2
DOI :
10.1109/CSAC.1999.816013
