Gathering security-related requirements and designing dependable software is difficult. Even though software security has become one of the main challenges of software development and security issues are increasingly taken into account in software companies, the security viewpoint is typically only loosely integrated into developers' routines and development processes. This paper presents results from an experiment where use case, misuse case and mitigation use case descriptions were used to generate test cases for the system. This helps integrate the security characteristics into the product already in the first phases of development. Defining the misuse cases and planning the corresponding mitigations helps developers build the security characteristics right into the product, because security is addressed throughout development, from the requirements phase to the testing phase. We suggest some enhancements to the misuse case approach to help developers identify security requirements more carefully. Furthermore, we present a procedure for generating test cases from the mitigations in order to ensure that security targets have been achieved. Results from our experiments indicate that the approach improves the process of producing relevant test cases.