Defining security requirements through misuse actions

IFIP International Federation for Information Processing

Volumn 219, Issue , 2006, Pages 123-137

  Fernandez, Eduardo B ^a   Vanhilst, Michael ^a   Petrie, Maria M Larrondo ^a   Huang, Shihong ^a  

^a Florida Atlantic Univ   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

CRYPTOGRAPHY;

DEFENSE MECHANISM; EXTERNAL ATTACKER; FORMAL DESIGN; SECURITY REQUIREMENTS; VALIDATION AND VERIFICATION;

SOFTWARE ENGINEERING;

EID: 33845264120     PISSN: 15715736     EISSN: None     Source Type: Book Series    
DOI: 10.1007/978-0-387-34831-5_10     Document Type: Article

References (23)

1. Alexander, I.: Misuse cases: Use cases with hostile intent. In IEEE Software, Vol. 20, No. 1, January/February 2003, IEEE Computer Society Press, Los Alamitos, California (2003) 58-66.
2. Liu, L., Yu, E. and Mylopoulos, J.: Security and privacy requirements analysis within a social setting. In Proceedings of the 11th IEEE International Conference on Requirements Engineering (RE'03), Monterey, California, 8-12 September 2003, IEEE Computer Society Press, Los Alamitos, California (2003) 151-161.
3. Schneier, B.: Attack Trees: Modeling Security Threats. In Dr. Dobb's Journal, Vol. 24, No. 12, December 1999, CMP Media LLC, Manhasset, New York, USA (2003) 21-29.
4. Whitmore, J. J.: A method for designing secure solutions. In IBM Systems Journal, Vol. 40, No. 3, IBM, Riverton, New Jersey, USA (2001) 747-768. http://www.research.ibm.com/journal/sj
5. Zuccato, A.: Holistic security requirement engineering for electronic commerce. In Computers & Security, Vol. 23, No. 1, Elsevier, UK (2004) 63-76.
6. Howard, M., and LeBlanc, D. Writing secure code, (2nd Ed.), Microsoft Press, Redmond, Washington, USA (2003).
7. Sindre, G. and Opdahl, A.L.: Eliciting Security Requirements by Misuse Cases. In Proceedings of the 37th International Conference on Technology of Object-Oriented Languages and Systems (TOOLS-Pacific 2000), Sydney, Australia, 20-23 November 2000 IEEE Press, Los Alamitos, Cahfomia, USA (2000) 120-131.
8. Fernandez, E. B.: A methodology for secure software design. In Software Engineering Research and Practice: Proceedings of the International Conference on Software Engineering Research and Practice, SERP '04, Las Vegas, Nevada, USA, Vol. 1, 21-24 June 2004, H. R. Arabnia and H. Reza (eds.), CSREA Press, USA (2004) 130-136.
9. Fernandez, E. B., Larrondo-Petrie, M. M., Sorgente, T. and VanHilst M.: A methodology to develop secure systems using patterns. In Integrating security and software engineering: Advances and future vision, H. Mouratidis and P. Giorgini (Eds.), Idea Group, Hershey, Pennsylvania, USA (2006).
10. Larman, C.: Applying UML and Patterns: An Introduction to Object-Oriented Analysis and Design and Iterative Development (3nd edition.), Prentice-Hall, Englewood Cliffs, New Jersey, USA (2005).
11. Fernandez, E. B., Gudes, E. and Olivier, M.: The Design of Secure Systems, Addison-Wesley, Reading, Massachussetts, USA (2007).
12. Fernandez, E. B., and Hawkins, J.C.: Determining Role Rights from Use Cases. In Proceedings of the 2nd ACM Workshop on Role-Based Access Control, RBAC'97, Fairfax, Virginia, USA, 6-7 November 1997, ACM Press, New York, New York, USA (1997) 121-125.
13. Booch, G., Rumbaugh, J. and Jacobson, I.: The Unified Modeling Language User Guide (2nd Ed.), Addison-Wesley, Upper Saddle River, New Jersey, USA (2005).
14. Fernandez, E. B. and Liu, Y.: The Account Analysis Pattern. In Proceedings of EuroPLoP 2002 (Pattern Languages of Programs), Irsee Germany, 3-7 July 2002, Universitätsverlag Konstanz, Konstanz, Germany, (2002). http://www.hillside.net/patterns/EuroPLoP2002/
15. Leveson, N. G., Heimdahl, M. P. E., Hildreth, H. and Reese, J. D.: Requirements specification for process control systems. In IEEE Transactions on Software Engineering, Vol. 20, No 9, September 1994, IEEE Computer Society Press, Los Alamitos, California, USA (1994) 684-707.
16. Cleland-Huang, J., Denne, M., Mahjub, G., and Patel, N.: A goal-oriented approach for mitigating security and continuity risks. In Proceedings, of the IEEE Inernational Symposium on Secure Software Engineering (ISSSE'06), 13-15 March 2006, Arlington, Virginia, USA (2006) 167-177.
17. Haley, C.B., Laney, R.C., and Nuseiben, B.: Deriving security requirements from crosscutting threat descriptions. In Proceedings of the 3rd. International Conference on Aspect-Oriented Software Development (AOSD'04), Lancaster, UK, 22-26 March 2004, ACM Press, New York, New York, USA (2004) 112-121.
18. Jackson, M.: Problem Frames: Analysing and structuring software development problems, Addison-Wesley, Reading, Washington, USA (2001).
19. He, Q. and Anton, A. I.: Deriving access control policies from requirements specifications and database design. North Carolina State University CS Technical Report. TR-2004-24, (2004).
20. Mouratidis, H.,Giorgini, P. and Manson, G.A.: Using security attach scenarios to analyse security during information systems Design. In Proceedings of the 2nd International Workshop on Security in Information Systems at ICEIS 2004, Porto, Portugal, April 2004 (2004) 10-17.
21. van Lamsweerde, A.: Elaborating security requirements by construction of intentional anti-models. In Proceedings of the 26th International Conference on Software Engineering (ICSE'04), Edinburgh, UK, 23-28 May 2004, IEEE Computer Society Press, Los Alamitos, California, USA (2004) 148-157.
22. Huang, S. and Tilley, A.: Workshop on Graphical Documentation for Programmers: Assessing the Efficacy of UML Diagrams for Program Understanding. Held in conjunction with The 11th International Workshop on Program Comprehension, IWPC 2003, 10 May 2003, Portland, Oregon, USA, IEEE Computer Society Press, Los Alamitos, California, USA (2003) 281-282.
23. Tilley, S., and Huang, S.: A qualitative assessment of the efficacy of UML diagrams as a form of graphical documentation in aiding program understanding. In Proceedings of the 21st ACM Annual International Conference on Design of Communication (SIGDOC 2003: 12-15 October 2003; San Francisco, California, USA, ACM Press: New York, New York, USA (2003) 184-191.