Security problems arise from the concern for protecting assets from security threats. In a systems development process, the security protection of a system is specified by security requirements, identified from the analysis of the threats to the system. However, as it is often not possible to obtain a full system description until late in the requirements engineering (RE) process, a security problem often has to be described in the context of a bounded scope, that is, one containing only the domains relevant to some part of the functionality of the full system. By bounding the scope of a security problem, it can be described more explicitly and precisely, thereby facilitating the identification and analysis of threats, which in turn drive the elicitation and elaboration of security requirements. In this poster, we elaborate on an approach we developed based on abuse frames and suggest how it can provide a means for structuring and bounding the scope of security problems.