An extended misuse case notation: Including vulnerabilities and the insider threat

REFSQ 2006 - Proceedings of the 12th International Working Conference on Requirements Engineering: Foundation for Software Quality, In Conjunction with CAiSE 2006

Volumn , Issue , 2006, Pages 33-43

  Røstad, Lillian ^a  

^a NORWEGIAN UNIVERSITY OF SCIENCE AND TECHNOLOGY   (Norway)

Author keywords

[No Author keywords available]

Indexed keywords

REQUIREMENTS ENGINEERING; RISK ANALYSIS;

ANALYSIS PROCESS; INSIDER THREAT; MISUSE CASE; SECURITY REQUIREMENTS; SYSTEM DEVELOPMENT; SYSTEM DEVELOPMENT PROCESS;

COMPUTER SOFTWARE SELECTION AND EVALUATION;

EID: 77954606675     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (22)

1. Unified modeling language: Superstructure. Technical report, Object Management Group (OMG), August 2005. http://www.omg.org.
2. I. Alexander. Initial industrial experience of misuse cases in trade-off analysis. In IEEE Joint International Conference on Requiremenst Engineering, Essen, Germany, 2002. IEEE.
3. I. Alexander. Modelling the interplay of conflicting goals with use and misuse cases. In Goal-Oriented Business-Process Modeling (GBMP) 2002, volume 109, London, UK, 2002. CEUR Workshop Proceedings.
4. I. Alexander. Modelling the interplay of conflicting goals with use and misuse cases. In International Workshop on Requirements Engineering: Foundation for Software Quality (REFSQ) 2002, Essen, Germany, 2002.
5. I. Alexander. Misuse cases help to elicit non-functional requirements. Computing & Control Engineering Journal, 14(1):40-45, 2003.
6. I. Alexander. Misuse cases: Use cases with hostile intent. IEEE Software, 20(1):58-66, 2003.
7. I. Alexander and N. Maiden. Scenarios, Stories, Use Cases: Through the Systems Development Life-Cycle. John Wiley & Sons, 2004. ISBN: 0470861940.
8. D. F. Ferraiolo, D. R. Kuhn, and R. Chandramouli. Role-Based Access Control. Computer Security Series. Artech House Publishers, Boston, 1 edition, 2003. ISBN: 1580533701.
9. D. G. Firesmith. Security use cases. Journal of Object Technology, 2(3):53-64, 2003.
10. P. Hope, G. McGraw, and A. I. Anton. Misuse and abuse cases: Getting past the positive. IEEE Security & Privacy, 2(3):90-92, May/June 2004.
11. J. McDermott. Abuse case models for security requirements analysis. In Symposium on Requirements Engineering for Information Security (SREIS), Indianapolis, USA, 2001.
12. J. McDermott and C. Fox. Using abuse case models for security requirements analysis. In Annual Computer Security Applications Conference, Phoenix, Arizona, 1999.
13. G. McGraw. Software Security-Building Security In. Addison-Wesley Software Security Series. Addison-Wesley (Pearson Education), Boston, 1 edition, 2006. ISBN: 0321356705.
14. G. Sindre, D. G. Firesmith, and A. L. Opdahl. A reuse-based approach to determining security requirements. In 9th International Workshop on Requirements Engineering: Foundation for Software Quality (REFSQ'03), Klagenfurt/Velden, Austria, 2003.
15. G. Sindre and A. L. Opdahl. Eliciting security requirements by misuse cases. In 37th International Conference on Technology of Object-Oriented Languages and Systems (TOOLS-Pacific 2000), pages 120-131, Sydney, Australia, 2000.
16. G. Sindre and A. L. Opdahl. Capturing security requirements through misuse cases. In Norsk Informatikkonferanse (NIK), Tromsø, Norway, 2001.
17. G. Sindre and A. L. Opdahl. Templates for misuse case description. In Seventh International Workshop on Requirements Engineering: Foundation of Software Quality (REFSQ'2001), Interlaken, Switzerland, 2001.
18. G. Sindre and A. L. Opdahl. Eliciting security requirments with misuse cases. Requirements Engineering, 10(1):34-44, 2005.
19. G. Sindre, A. L. Opdahl, and G. F. Brevik. Generalization/specialization as a structuring mechanism for misuse cases. In 2nd Symposium on Requirements Engineering for Information Security (SREIS'02),, Raleigh, NC, USA, 2002.
20. F. Swiderski. Threat Modeling. Microsoft Press U.S., 2004. ISBN: 0735619913.
21. D. Verdon and G. McGraw. Risk analysis in software design. IEEE Security & Privacy, 2(4):79-84, 2004.
22. J. Viega and G. McGraw. Building Secure Software: How to Avoid Security Problems the Right Way. Addison Wesley, 2001. ISBN: 020172152X.