Defining security requirements through misuse actions

Abstract

An important aspect of security requirements is the understanding and listing of the possible threats to the system. Only then can we decide what specific defense mechanisms to use. We show here an approach to list all threats by considering each action in each use case and analyzing how it can be subverted by an internal or external attacker. From this list we can deduce what policies are necessary to prevent or mitigate the threats. These policies can then be used as guidelines for design. The proposed method can include formal design notations for validation and verification. © 2006 International Federation for Information Processing.

Citation (APA)

Fernandez, E. B., Vanhilst, M., Petrie, M. M. L., & Huang, S. (2006). Defining security requirements through misuse actions. IFIP International Federation for Information Processing, 219, 123–137. https://doi.org/10.1007/978-0-387-34831-5_10
