Automated Support for Framework Selection and Customization
Proceedings of the 19th IEEE international conference on Automated software engineering
Towards agile security in web applications
Companion to the 21st ACM SIGPLAN symposium on Object-oriented programming systems, languages, and applications
Security testing with Selenium
Companion to the 22nd ACM SIGPLAN conference on Object-oriented programming systems and applications companion
Aspect-oriented specification of threat-driven security requirements
International Journal of Computer Applications in Technology
Executable misuse cases for modeling security concerns
Proceedings of the 30th international conference on Software engineering
Journal of Systems and Software
Safety Hazard Identification by Misuse Cases: Experimental Comparison of Text and Diagrams
MoDELS '08 Proceedings of the 11th international conference on Model Driven Engineering Languages and Systems
SRRS: a recommendation system for security requirements
Proceedings of the 2008 international workshop on Recommendation systems for software engineering
Experimental comparison of attack trees and misuse cases for security threat identification
Information and Software Technology
Identifying vulnerabilities and critical requirements using criminal court proceedings
Proceedings of the 2009 ACM symposium on Applied Computing
Modeling and analysis of security trade-offs - A goal oriented approach
Data & Knowledge Engineering
Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies
A taxonomy of asymmetric requirements aspects
Proceedings of the 10th international conference on Early aspects: current challenges and future directions
A comparison of two approaches to safety analysis based on use cases
ER'07 Proceedings of the 26th international conference on Conceptual modeling
Monitor petri nets for security monitoring
Proceedings of the International Workshop on Security and Dependability for Resource Constrained Embedded Systems
Experimental threat model reuse with misuse case diagrams
ICICS'10 Proceedings of the 12th international conference on Information and communications security
Requirements trade-offs analysis in the absence of quantitative measures: a heuristic method
Proceedings of the 2011 ACM Symposium on Applied Computing
Towards developing consistent misuse case models
Journal of Systems and Software
Comparing alternatives for analyzing requirements trade-offs - In the absence of numerical data
Information and Software Technology
Editorial: Recent developments in high performance computing and security: An editorial
Future Generation Computer Systems
Towards Tool-Support for Usable Secure Requirements Engineering with CAIRIS
International Journal of Secure Software Engineering
Comparing Misuse Case and Mal-Activity Diagrams for Modelling Social Engineering Attacks
International Journal of Secure Software Engineering
Using SMCD to reduce inconsistencies in misuse case models: A subject-based empirical evaluation
Journal of Systems and Software
Software and Systems Modeling (SoSyM)
| Hi-index | 0.00 |
Negative scenarios have long been applied in e.g. military and commercial operations planning. The negative form of the Use Case is the 'Misuse Case'. Experience has been gained in applying Misuse Cases to analyse requirement/design option Trade-Offs in a railway case study.In a Trade-Off workshop, a diagram is constructed showing Use Cases for goals held by system designers, and Misuse Cases for goals of hostile agents. Relationships between these goals are elicited and documented on the diagram. Experience in a railway Trade-Off study led to the devising of a set of relationships suited to Trade-Off analysis: 'threatens', 'mitigates', 'aggravates', and 'conflicts with', as well as the more general 'includes'. The result is a graphic that makes clear to non-technical stakeholders how their requirements may conflict in the design domain. This contributed to the success of the Trade-Off workshop.The approach taken for the railway workshop is simple. It could be applied in other domains, and with other participative methods.