Deriving security requirements from crosscutting threat descriptions
Proceedings of the 3rd international conference on Aspect-oriented software development
Extending XP practices to support security requirements engineering
Proceedings of the 2006 international workshop on Software engineering for secure systems
Using model-based security analysis in component-oriented system development
Proceedings of the 2nd ACM workshop on Quality of protection
Security risk mitigation for information systems
BT Technology Journal
Aspect-oriented specification of threat-driven security requirements
International Journal of Computer Applications in Technology
Do secure information system design methods provide adequate modeling support?
Information and Software Technology
Discovering Multidimensional Correlations among Regulatory Requirements to Understand Risk
ACM Transactions on Software Engineering and Methodology (TOSEM)
Threat scenario-based security risk analysis using use case modeling in information systems
Security and Communication Networks
Point-and-shoot security design: can we build better tools for developers?
Proceedings of the 2012 workshop on New security paradigms
A Unified Use-Misuse Case Model for Capturing and Analysing Safety and Security Requirements
International Journal of Information Security and Privacy
| Hi-index | 0.01 |
This paper describes an extension to abuse-case-based security requirements analysis that provides alightweight means of increasing assurance in securityrelevant software. The approach is adaptable tolightweight software development processes but resultsin a concrete and explicit assurance argument. Likeabuse-case-based security requirements analysis, thisapproach is suitable for use in projects without securityexperts. When used in this way (without security experts)it will not produce as much assurance as the moretraditional alternatives, but arguably give better resultsthan ad hoc consideration of security issues.