Using model-based security analysis in component-oriented system development
Proceedings of the 2nd ACM workshop on Quality of protection
A risk-driven security analysis method and modelling language
BT Technology Journal
Science of Computer Programming
Computer-aided Support for Secure Tropos
Automated Software Engineering
Secure information systems engineering: a manifesto
International Journal of Electronic Security and Digital Forensics
Executable misuse cases for modeling security concerns
Proceedings of the 30th international conference on Software engineering
Computer Standards & Interfaces
Do secure information system design methods provide adequate modeling support?
Information and Software Technology
Journal of Systems and Software
CAiSE '08 Proceedings of the 20th international conference on Advanced Information Systems Engineering
Safety Hazard Identification by Misuse Cases: Experimental Comparison of Text and Diagrams
MoDELS '08 Proceedings of the 11th international conference on Model Driven Engineering Languages and Systems
Enforcing a security pattern in stakeholder goal models
Proceedings of the 4th ACM workshop on Quality of protection
Secure Software Engineering: Learning from the Past to Address Future Challenges
Information Security Journal: A Global Perspective
Experimental comparison of attack trees and misuse cases for security threat identification
Information and Software Technology
Web Services-Based Security Requirement Elicitation
IEICE - Transactions on Information and Systems
Identifying vulnerabilities and critical requirements using criminal court proceedings
Proceedings of the 2009 ACM symposium on Applied Computing
Extending Problem Frames to deal with stakeholder problems: An Agent- and Goal-Oriented Approach
Proceedings of the 2009 ACM symposium on Applied Computing
DREP: A Requirements Engineering Process for Dependable Reactive Systems
Methods, Models and Tools for Fault Tolerance
Security Requirements Elicitation Using Method Weaving and Common Criteria
Models in Software Engineering
CAiSE '09 Proceedings of the 21st International Conference on Advanced Information Systems Engineering
Modeling of secure data extraction in ETL processes using UML 2.0
AsiaMS '07 Proceedings of the IASTED Asian Conference on Modelling and Simulation
On lightweight mobile phone application certification
Proceedings of the 16th ACM conference on Computer and communications security
Requirements Engineering of an Access Protection
Proceedings of the 2009 conference on New Trends in Software Methodologies, Tools and Techniques: Proceedings of the Eighth SoMeT_09
Security-aware software development life cycle (SaSDLC): processes and tools
WOCN'09 Proceedings of the Sixth international conference on Wireless and Optical Communications Networks
Moving from Requirements to Design Confronting Security Issues: A Case Study
OTM '09 Proceedings of the Confederated International Conferences, CoopIS, DOA, IS, and ODBASE 2009 on On the Move to Meaningful Internet Systems: Part II
ER '09 Proceedings of the 28th International Conference on Conceptual Modeling
Applying a UML Extension to Build Use Cases Diagrams in a Secure Mobile Grid Application
ER '09 Proceedings of the ER 2009 Workshops (CoMoL, ETheCoM, FP-UML, MOST-ONISW, QoIS, RIGiM, SeCoGIS) on Advances in Conceptual Modeling - Challenging Perspectives
A systematic review of security requirements engineering
Computer Standards & Interfaces
Mal-activity diagrams for capturing attacks on business processes
REFSQ'07 Proceedings of the 13th international working conference on Requirements engineering: foundation for software quality
A comparison of two approaches to safety analysis based on use cases
ER'07 Proceedings of the 26th international conference on Conceptual modeling
Towards improved security criteria for certification of electronic health record systems
Proceedings of the 2010 ICSE Workshop on Software Engineering in Health Care
Unified modeling of attacks, vulnerabilities and security activities
Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems
Security & scalability architecture for next generation internet services
IMSAA'09 Proceedings of the 3rd IEEE international conference on Internet multimedia services architecture and applications
Security requirements engineering framework for software product lines
Information and Software Technology
Tool support for essential use cases to better capture software requirements
Proceedings of the IEEE/ACM international conference on Automated software engineering
Proceedings of the second annual workshop on Security and privacy in medical and home-care systems
Infringo ergo sum: when will software engineering support infringements?
Proceedings of the FSE/SDP workshop on Future of software engineering research
Comparing safety analysis based on sequence diagrams and textual use cases
CAiSE'10 Proceedings of the 22nd international conference on Advanced information systems engineering
Privacy threats in a mobile enterprise social network
Information Security Tech. Report
Experimental threat model reuse with misuse case diagrams
ICICS'10 Proceedings of the 12th international conference on Information and communications security
Using special use cases for security in the software development life cycle
WISA'10 Proceedings of the 11th international conference on Information security applications
A conceptual meta-model for secured information systems
Proceedings of the 7th International Workshop on Software Engineering for Secure Systems
Towards transformation guidelines from secure tropos to misuse cases (position paper)
Proceedings of the 7th International Workshop on Software Engineering for Secure Systems
A framework to support alignment of secure software engineering with legal regulations
Software and Systems Modeling (SoSyM)
Environment-driven threats elicitation for web applications
KES-AMSTA'11 Proceedings of the 5th KES international conference on Agent and multi-agent systems: technologies and applications
Towards developing consistent misuse case models
Journal of Systems and Software
Safety methods in software process improvement
EuroSPI'05 Proceedings of the 12th European conference on Software Process Improvement
Designing security requirements models through planning
CAiSE'06 Proceedings of the 18th international conference on Advanced Information Systems Engineering
Security and trust requirements engineering
Foundations of Security Analysis and Design III
Idea: reusability of threat models – two approaches with an experimental evaluation
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
Trustworthy instantiation of frameworks
Proceedings of the 2004 international conference on Architecting Systems with Trustworthy Components
Proceedings of the 21st international conference companion on World Wide Web
An advanced approach for modeling and detecting software vulnerabilities
Information and Software Technology
Does organizing security patterns focus architectural choices?
Proceedings of the 34th International Conference on Software Engineering
Designing software security with UML extensions: post-conference workshop
Journal of Computing Sciences in Colleges
A graph based requirements clustering approach for component selection
Advances in Engineering Software
Proceedings of the Second International Conference on Computational Science, Engineering and Information Technology
MDSE@R: model-driven security engineering at runtime
CSS'12 Proceedings of the 4th international conference on Cyberspace Safety and Security
A Unified Use-Misuse Case Model for Capturing and Analysing Safety and Security Requirements
International Journal of Information Security and Privacy
Secure by Design: Developing Secure Software Systems from the Ground Up
International Journal of Secure Software Engineering
Eliciting Policy Requirements for Critical National Infrastructure Using the IRIS Framework
International Journal of Secure Software Engineering
Modelling Security Using Trust Based Concepts
International Journal of Secure Software Engineering
Comparing Misuse Case and Mal-Activity Diagrams for Modelling Social Engineering Attacks
International Journal of Secure Software Engineering
Comparing risk identification techniques for safety and security requirements
Journal of Systems and Software
A formal approach for inspecting privacy and trust in advanced electronic services
ESSoS'13 Proceedings of the 5th international conference on Engineering Secure Software and Systems
Automotive functional safety = safety + security
Proceedings of the First International Conference on Security of Internet of Things
A framework to support selection of cloud providers based on security and privacy requirements
Journal of Systems and Software
Countermeasure graphs for software security risk assessment: An action research
Journal of Systems and Software
Value-based argumentation for designing and auditing security measures
Ethics and Information Technology
Using SMCD to reduce inconsistencies in misuse case models: A subject-based empirical evaluation
Journal of Systems and Software
Comparing attack trees and misuse cases in an industrial setting
Information and Software Technology
Software and Systems Modeling (SoSyM)
Computer Standards & Interfaces
Adaptable, model-driven security engineering for SaaS cloud-based applications
Automated Software Engineering
Use cases have become increasingly common during requirements engineering, but they offer limited support for eliciting security threats and requirements. At the same time, the importance of security is growing with the rise of phenomena such as e-commerce and nomadic and geographically distributed work. This paper presents a systematic approach to eliciting security requirements based on use cases, with emphasis on description and method guidelines. The approach extends traditional use cases to also cover misuse, and is potentially useful for several other types of extra-functional requirements beyond security.