Eliciting security requirements through misuse activities

Proceedings - International Workshop on Database and Expert Systems Applications, DEXA

Volumn , Issue , 2008, Pages 328-333

  Braz, Fabricio A ^a   Fernandez, Eduardo B ^b   VanHilst, Michael ^b  

^a UNIVERSITY OF BRASILIA   (Brazil)

^b FLORIDA ATLANTIC UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ACTIVITY DIAGRAMS; ANALYSIS RESULTS; EXTENDED ANALYSES; SECURE SYSTEMS; SECURITY PATTERNS; SECURITY REQUIREMENTS; USE CASES;

ADMINISTRATIVE DATA PROCESSING; DECISION SUPPORT SYSTEMS; EXPERT SYSTEMS; PROBLEM SOLVING;

DATABASE SYSTEMS;

EID: 57849125076     PISSN: 15294188     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/DEXA.2008.101     Document Type: Conference Paper

References (19)

1. I. Alexander. Misuse Cases: Use Cases with Hostile Intent. IEEE Software, 20(1):58-66, 2003.
2. S. Barman. Writing Information Security Policies. SAMS, Indianapolis, 2001.
3. CERT Coordination Center. Carnegie Mellon University. Full statistics, Jan 2008. http://www.cert.org/stats/fullstats.html.
4. E. Cole and S. Ring. Insider Threat: Protecting The Enterprise From Sabotage, Spying, And Theft. Syngress, 1 edition, 2005.
5. Microsoft Corporation. Microsoft Threat Analysis and Modeling Tool, Version 2.1, 2006.
6. E. B. Fernandez, M. VanHilst, M. M. L. Petrie, and S. Huang. Defining security requirements through misuse actions. In S. F. Ochoa and G.-C. Roman, editors, Advanced Software Engineering: Expanding the Frontiers of Software Technology, volume 219 of IFIP International Federation for Information Processing, 123-137. Springer Boston, November 2006.
7. K. M. Goertzel, T. Winograd, H. L. McKinley, and P. Holley. Security in The Software Life Cycle. Technical Report DRAFT Version 1.2, Department of Homeland Security, August 2006.
8. D. Gollmann. Computer Security. John Wiley & Sons, Inc., New York, NY, USA, 2nd edition, 2006.
9. C. Haley, R. Laney, J. Moffett, and B. Nuseibeh. Security requirements engineering: A framework for representation and analysis. IEEE Trans. Softw. Eng., 34(1):133-153, 2008.
10. D. Hatebur, M. Heisel, and H. Schmidt. Analysis and component-based realization of security requirements. In Proceedings of the International Conference on Availability, Reliability and Security (AReS), IEEE Transactions, pages 195-203. IEEE, 2008.
11. M. G. Jaatun and I. A. Tøndel. Covering Your Assets in Software Engineering. In Proceedings of the International Conference on Availability, Reliability and Security (AReS), IEEE Computer Society, pages 1172-1179, 2008..
12. H. Mouratidis, P. Giorgini, G. Manson. When Security Meets Software Engineering: a Case of Modelling Secure Information Systems. Inf. Syst, Elsevier Science Ltd., Oxford, UK, v. 30, n. 8, p. 609-629, 2005.
13. Payment Card Industry Security Standard Council. Payment Card Industry (PCI) Data Security Standard. Technical Report 1.1, 2006.
14. M. R. Randazzo, M. Keeney, E. Kowalski, D. Cappelli, and A. Moore. Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector. Technical Report CMU/SEI-2004-TR-021 / ESC-TR-2004-021, National Threat Assessment Center, United States Secret Service and CERT Coordination Center, Software Engineering Institute, 2004.
15. S. T. Redwine Jr. Software Assurance: A Curriculum Guide to the Common Body of Knowledge to Produce, Acquire and Sustain Secure Software. Technical Report Version 1.2, US Departments of Homeland Security, October 2007.
16. M. Schumacher, E. B. Fernandez, D. Hybertson, F. Buschmann, and P. Sommerlad. Security Patterns Integrating Security and Systems Engineering. John Wiley & Sons Ltd, 2006.
17. M. Shaheen. The Homeland Security Market Essential Dynamics and Trends. Technical report, Civitas Group LLC, December 2006.
18. G. Sindre and L. Opdahl. Eliciting security requirements with misuse cases. Requir. Eng., 10(1):34-44, 2005.
19. F. Swiderski and W. Snyder. Threat Modeling. Microsoft Press, July 2004