Digital Library

Eliciting Security Requirements through Misuse Activities

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/DEXA.2008.101

2008 19th International Conference on ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Fabricio A. Braz Articles by Eduardo B. Fernandez Articles by Michael VanHilst

	ASCII Text	x
	Fabricio A. Braz, Eduardo B. Fernandez, Michael VanHilst, "Eliciting Security Requirements through Misuse Activities," Database and Expert Systems Applications, International Workshop on, vol. 0, no. 0, pp. 328-333, 2008 19th International Conference on Database and Expert Systems Application, 2008.

	BibTex	x
	@article{ 10.1109/DEXA.2008.101, author = {Fabricio A. Braz and Eduardo B. Fernandez and Michael VanHilst}, title = {Eliciting Security Requirements through Misuse Activities}, journal ={Database and Expert Systems Applications, International Workshop on}, volume = {0}, year = {2008}, issn = {1529-4188}, pages = {328-333}, doi = {http://doi.ieeecomputersociety.org/10.1109/DEXA.2008.101}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Database and Expert Systems Applications, International Workshop on TI - Eliciting Security Requirements through Misuse Activities SN - 1529-4188 SP328 EP333 A1 - Fabricio A. Braz, A1 - Eduardo B. Fernandez, A1 - Michael VanHilst, PY - 2008 KW - security patterns KW - security requirements KW - software engineering VL - 0 JA - Database and Expert Systems Applications, International Workshop on ER -

Fabricio A. Braz

Eduardo B. Fernandez

Michael VanHilst

In previous work we introduced an approach for finding security requirements based on misuse activities (actions). This method starts from the activity diagram of a use case (or a sequence of use cases). Each activity is analyzed to see how it could be subverted to produce a misuse of information. This analysis results in a set of threats. We then consider which policies can stop or mitigate these threats. We now extend that approach to consider in the analysis the type of misuse (confidentiality, integrity ...) that can happen in each activity, the role of the attacker, and the context for the threat. This extended analysis results in a finer and more systematic way to find threats and we can identify now more threats. We also improve the way to find the policies to control these threats and we consider how to map the corresponding policies to security patterns. The information in each pattern helps in the selection of an optimal (or good) set of policies. Our extended approach can be conveniently incorporated in a methodology to build secure systems.

Index Terms:

security patterns, security requirements, software engineering

Citation:

Fabricio A. Braz, Eduardo B. Fernandez, Michael VanHilst, "Eliciting Security Requirements through Misuse Activities," dexa,pp.328-333, 2008 19th International Conference on Database and Expert Systems Application, 2008

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.

				Searching...	Advanced Search
	CS Search		Google Search