Defining Security Requirements Through Misuse Actions
Advanced Software Engineering: Expanding the Frontiers of Software Technology
  • Michael Van Hilst, Nova Southeastern University
  • Eduardo B. Fernandez
  • Maria M. Larrondo-Petrie
  • Shihong Huang
Document Type
Article
Publication Date
1-1-2006
Abstract

An important aspect of security requirements is the understanding and listing of the possible threats to the system. Only then can we decide what specific defense mechanisms to use. We show here an approach to list all threats by considering each action in each use case and analyzing how it can be subverted by an internal or external attacker. From this list we can deduce what policies are necessary to prevent or mitigate the threats. These policies can then be used as guidelines for design. The proposed method can include formal design notations for validation and verification.

DOI
10.1007/978-0-387-34831-5_10
Citation Information
Michael Van Hilst, Eduardo B. Fernandez, Maria M. Larrondo-Petrie and Shihong Huang. "Defining Security Requirements Through Misuse Actions" Advanced Software Engineering: Expanding the Frontiers of Software Technology Vol. 219 (2006) p. 123 - 137 ISSN: 978-0-387-34831-5
Available at: http://works.bepress.com/michael-vanhilst/33/