Software for use: a practical guide to the models and methods of usage-centered design
Software for use: a practical guide to the models and methods of usage-centered design
Use cases: requirements in context
Use cases: requirements in context
Safe and sound: a safety-critical approach to security
Proceedings of the 2001 workshop on New security paradigms
Writing Effective Use Cases
Towards requirements-driven information systems engineering: the Tropos project
Information Systems - The 13th international conference on advanced information systems engineering (CAiSE*01)
Using Abuse Case Models for Security Requirements Analysis
ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Abuse-Case-Based Assurance Arguments
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Security and Privacy Requirements Analysis within a Social Setting
RE '03 Proceedings of the 11th IEEE International Conference on Requirements Engineering
The CORAS methodology: model-based risk assessment using UML and UP
UML and the unified process
Using Abuse Frames to Bound the Scope of Security Problems
RE '04 Proceedings of the Requirements Engineering Conference, 12th IEEE International
Eliciting security requirements with misuse cases
Requirements Engineering
Modeling Security Requirements Through Ownership, Permission and Delegation
RE '05 Proceedings of the 13th IEEE International Conference on Requirements Engineering
Software Security: Building Security In
Software Security: Building Security In
Engineering Safety and Security Related Requirements for Software Intensive Systems
ICSE COMPANION '07 Companion to the proceedings of the 29th International Conference on Software Engineering
CAiSE '08 Proceedings of the 20th international conference on Advanced Information Systems Engineering
Proceedings of the 27th international conference on Computer Safety, Reliability, and Security
SAFECOMP '08 Proceedings of the 27th international conference on Computer Safety, Reliability, and Security
Misuse Cases: Use Cases with Hostile Intent
IEEE Software
Editorial: Model-Driven Development for secure information systems
Information and Software Technology
A goal oriented approach for modeling and analyzing security trade-offs
ER'07 Proceedings of the 26th international conference on Conceptual modeling
| Hi-index | 0.00 |
This paper proposes an enhanced use-misuse case model that allows both safety and security requirements to be captured during requirements elicitation. The proposed model extends the concept of misuse case by incorporating vulnerable use case and abuse case notations and relations that allows understanding and modeling different attackers and abusers behaviors during early stage of system development life cycle and finishes with a practical consistent combined model for engineering safety and security requirements.The model was successfully applied using health care information system gathered through the university of Kansas HISPC project. The authors were able to capture both security and safety requirements necessary for effective functioning of the system. In order to enhance the integration of the proposed model into risk analysis, the authors give both textual and detailed description of the model. The authors compare the proposed approach with other existing methods that identify and analyze safety and security requirements and discovered that it captures more security and safety threats.