Security risk mitigation is a salient issue in systems development research. This paper introduces a lightweight approach to security risk mitigation that can be used within an Agile Development framework: the Security Obstacle Mitigation Model (SOMM). The SOMM uses the concept of trust assumptions to derive obstacles and the concept of misuse cases to model the obstacles. A synthetic scenario, based on an on-line system, shows how the SOMM is used to anticipate malicious behaviour with respect to an operational information system and to document a priori how this malicious behaviour should be mitigated. Since the SOMM is conceptually simple in deployment, its use is well within the capacities of the users who form part of an Agile Development team and, crucially, it should not take up a significant amount of development time.