Software engineering for security: a roadmap
Proceedings of the Conference on The Future of Software Engineering
Handling Obstacles in Goal-Oriented Requirements Engineering
IEEE Transactions on Software Engineering - special section on current trends in exception handling—part II
Modelling audit security for Smart-Card payment schemes with UML-SEC
Sec '01 Proceedings of the 16th international conference on Information security: Trusted information: the new decade challenge
Towards Development of Secure Systems Using UMLsec
FASE '01 Proceedings of the 4th International Conference on Fundamental Approaches to Software Engineering
SecureUML: A UML-Based Modeling Language for Model-Driven Security
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
A Framework for the Management of Information Security
ISW '97 Proceedings of the First International Workshop on Information Security
Specifying Security in a Composite System
ISW '97 Proceedings of the First International Workshop on Information Security
Using Abuse Case Models for Security Requirements Analysis
ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
A Symbiotic Relationship Between Formal Methods and Security
CSDA '98 Proceedings of the Conference on Computer Security, Dependability, and Assurance: From Needs to Solutions
Organization based access control
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Eliciting security requirements with misuse cases
Requirements Engineering
Provisions and obligations in policy management and security applications
VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
Alignment of Misuse Cases with Security Risk Management
ARES '08 Proceedings of the 2008 Third International Conference on Availability, Reliability and Security
CAiSE '08 Proceedings of the 20th international conference on Advanced Information Systems Engineering
Security and trust requirements engineering
Foundations of Security Analysis and Design III
The goal of this paper is to propose the use of the Misuse Case and Obligation use case concepts in the Software Development Life Cycle (SDLC) in order to position security concerns at the very beginning of this process and to obtain "secure applications". These concepts are built upon the "use case" concept, which is well known to the community of application developers in companies and to the application sponsors. The application sponsors are the key business stakeholders who fund and/or rely on the application for their business benefits. As stated in [1] and [3], the use case concept has proven helpful for the elicitation of, communication about and documentation of requirements [4]. We therefore think it is easier to introduce security requirements into the development lifecycle by reusing and/or constructing security requirement artifacts around the use case and UML approach.