Deriving security requirements from crosscutting threat descriptions
Proceedings of the 3rd international conference on Aspect-oriented software development
Eliciting confidentiality requirements in practice
CASCON '05 Proceedings of the 2005 conference of the Centre for Advanced Studies on Collaborative research
Problem frame patterns: an exploration of patterns in the problem space
Proceedings of the 2006 conference on Pattern languages of programs
Enforcing a security pattern in stakeholder goal models
Proceedings of the 4th ACM workshop on Quality of protection
Extending Problem Frames to deal with stakeholder problems: An Agent- and Goal-Oriented Approach
Proceedings of the 2009 ACM symposium on Applied Computing
Editorial: A roadmap of problem frames research
Information and Software Technology
Deriving requirements from process models via the problem frames approach
Information and Software Technology
Supporting requirements engineers in recognising security issues
REFSQ'11 Proceedings of the 17th international working conference on Requirements engineering: foundation for software quality
Security engineering using problem frames
ETRICS'06 Proceedings of the 2006 international conference on Emerging Trends in Information and Communication Security
Towards HIPAA-compliant healthcare systems
Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium
Problem frames and architectures for security problems
SAFECOMP'05 Proceedings of the 24th international conference on Computer Safety, Reliability, and Security
Secure by Design: Developing Secure Software Systems from the Ground Up
International Journal of Secure Software Engineering
Comparing risk identification techniques for safety and security requirements
Journal of Systems and Software
Hi-index | 0.02 |
We are developing an approach using Jackson's Problem Frames to analyse security problems in order to determine security vulnerabilities. We introduce the notion of an anti-requirement as the requirement of a malicious user that can subvert an existing requirement. We incorporate anti-requirements into so-called abuse frames to represent the notion of a security threat imposed by malicious users in a particular problem context. We suggest how abuse frames can provide a means for bounding the scope of security problems in order to analyse security threats and derive security requirements.