Several methods can be used to specify security requirements properly. For example, UMLsec is a UML extension
for specifying security requirements regarding confidentiality, integrity, and availability in order to develop
secure systems, and security use cases represent scenarios focused on security issues. Based on the problem-frame
approach, we can highlight the abuse-frames proposal, which introduces the concept of an anti-requirement.
An anti-requirement expresses the intentions of a malicious user, which can help with the definition of system threats.
References:
- J. Jürjens, ‘UMLsec: Extending UML for Secure Systems Development’, in «UML» 2002 — The Unified Modeling Language, 2002, pp. 412–425.
- G. Sindre and A. L. Opdahl, ‘Eliciting security requirements with misuse cases’, Requir. Eng., vol. 10, no. 1, pp. 34–44, 2005.
- L. Lin, B. Nuseibeh, D. Ince, and M. Jackson, ‘Using abuse frames to bound the scope of security problems’, in Proceedings. 12th IEEE International Requirements Engineering Conference, 2004, pp. 354–355.