Modelling misuse cases as a means of capturing security requirements
Document Type
Conference Proceeding
Publisher
secau- Security Research Centre, Edith Cowan University, Perth, Western Australia
Faculty
Faculty of Computing, Health and Science
School
School of Computer and Security Science / Security Research Centre (secAU)
RAS ID
13108
Abstract
Use cases as part of requirements engineering are often seen as an essential part of systems development in many methodologies. Given that modern, security-oriented software development methods such as SDL , SQUARE and CLASP place security at the forefront of product initiation, design and implementation, the focus of requirements elicitation must now move to capturing security requirements so as not to replicate past errors. Misuse cases can be an effective tool to model security requirements. This paper uses a case study to investigate the generation of successful misuse cases by employing the STRIDE framework as used in the SDL.
DOI
10.4225/75/57b536ddcd8c1
Access Rights
free_to_read
Comments
Johnstone, M. N. (2011). Modelling misuse cases as a means of capturing security requirements. Paper presented at the 9th Australian Information Security Management Conference, Edith Cowan University, Perth, Western Australia. Original article available here.