Proposed Algorithm for Creation of Misuse Case Modeling Tree During Security Requirements Elicitation Phase to Quantify Security

2019 ◽  
pp. 21-28
Author(s):  
Ajeet Singh Poonia ◽  
C. Banerjee ◽  
Arpita Banerjee ◽  
S. K. Sharma
Keyword(s):  
Requirements Elicitation ◽  
Security Requirements ◽  
Misuse Case

A Unified Use-Misuse Case Model for Capturing and Analysing Safety and Security Requirements

2011 ◽  
Vol 5 (4) ◽  
pp. 8-30
Author(s):  
O. T. Arogundade ◽  
A. T. Akinwale ◽  
Z. Jin ◽  
X. G. Yang
Keyword(s):  
Early Stage ◽  
System Development ◽  
Security Requirements ◽  
Health Care Information ◽  
Safety Requirements ◽  
Misuse Case ◽  
Proposed Model ◽  
Development Life Cycle ◽  
Care Information ◽  
The University

This paper proposes an enhanced use-misuse case model that allows both safety and security requirements to be captured during requirements elicitation. The proposed model extends the concept of misuse case by incorporating vulnerable use case and abuse case notations and relations that allows understanding and modeling different attackers and abusers behaviors during early stage of system development life cycle and finishes with a practical consistent combined model for engineering safety and security requirements.The model was successfully applied using health care information system gathered through the university of Kansas HISPC project. The authors were able to capture both security and safety requirements necessary for effective functioning of the system. In order to enhance the integration of the proposed model into risk analysis, the authors give both textual and detailed description of the model. The authors compare the proposed approach with other existing methods that identify and analyze safety and security requirements and discovered that it captures more security and safety threats.

scholarly journals Arguing Satisfaction of Security Requirements

2007 ◽  
pp. 16-43 ◽  
Author(s):  
C. B. Haley ◽  
R. Laney ◽  
J. D. Moffett ◽  
B. Nuseibeh
Keyword(s):  
Formal Proof ◽  
Requirements Elicitation ◽  
Security Requirements ◽  
Informal Argumentation ◽  
And Behavior ◽  
System Context

This chapter presents a process for security requirements elicitation and analysis, based around the construction of a satisfaction argument for the security of a system. The process starts with the enumeration of security goals based on assets in the system, then uses these goals to derive security requirements in the form of constraints. Next, a satisfaction argument for the system is constructed, using a problem-centered representation, a formal proof to analyze properties that can be demonstrated, and structured informal argumentation of the assumptions exposed during construction of the argument. Constructing the satisfaction argument can expose missing and inconsistent assumptions about system context and behavior that effect security, and a completed argument provides assurances that a system can respect its security requirements.

Security Requirements Elicitation

2011 ◽  
pp. 316-325
Author(s):  
Manish Gupta
Keyword(s):  
Information Security ◽  
Human Factors ◽  
Information Assurance ◽  
Systems Design ◽  
Requirements Elicitation ◽  
Security Requirements ◽  
Current State ◽  
Systems Requirements ◽  
State Of Affairs ◽  
Electronic Channels

Information security is becoming increasingly important and more complex as organizations are increasingly adopting electronic channels for managing and conducting business. However, state-of-the-art systems design methods have ignored several aspects of security that arise from human involvement or due to human factors. The chapter aims to highlight issues arising from coalescence of fields of systems requirements elicitation, information security, and human factors. The objective of the chapter is to investigate and suggest an agenda for state of human factors in information assurance requirements elicitation from perspectives of both organizations and researchers. Much research has been done in the area of requirements elicitation, both systems and security, but, invariably, human factors are not been taken into account during information assurance requirements elicitation. The chapter aims to find clues and insights into acquisition behavior of human factors in information assurance requirements elicitation and to illustrate current state of affairs in information assurance and requirements elicitation and why inclusion of human factors is required.

scholarly journals Security Requirements Elicitation from Airline Turnaround Processes

2018 ◽  
Vol 60 (1) ◽  
pp. 3-20 ◽  
Author(s):  
Raimundas Matulevičius ◽  
Alex Norta ◽  
Silver Samarütel
Keyword(s):  
Requirements Elicitation ◽  
Security Requirements

scholarly journals A Security Ontology for Security Requirements Elicitation

2015 ◽  
pp. 157-177 ◽  
Author(s):  
Amina Souag ◽  
Camille Salinesi ◽  
Raúl Mazo ◽  
Isabelle Comyn-Wattiau
Keyword(s):  
Requirements Elicitation ◽  
Security Requirements
Sign in / Sign up

Export Citation Format

Share Document