CCE Faculty Articles
Defining Security Requirements Through Misuse Actions
Document Type
Article
Publication Title
Advanced Software Engineering: Expanding the Frontiers of Software Technology
ISSN
978-0-387-34831-5
Publication Date
2006
Abstract
An important aspect of security requirements is the understanding and listing of the possible threats to the system. Only then can we decide what specific defense mechanisms to use. We show here an approach to list all threats by considering each action in each use case and analyzing how it can be subverted by an internal or external attacker. From this list we can deduce what policies are necessary to prevent or mitigate the threats. These policies can then be used as guidelines for design. The proposed method can include formal design notations for validation and verification.
DOI
10.1007/978-0-387-34831-5_10
Volume
219
First Page
123
Last Page
137
NSUWorks Citation
Van Hilst, Michael; Fernandez, Eduardo B.; Larrondo-Petrie, Maria M.; and Huang, Shihong, "Defining Security Requirements Through Misuse Actions" (2006). CCE Faculty Articles. 468.
https://nsuworks.nova.edu/gscis_facarticles/468