We are developing an approach using Jackson's Problem Frames to analyse security problems in order to determine security vulnerabilities. We introduce the notion of an anti-requirement as the requirement of a malicious user that can subvert an existing requirement. We incorporate anti-requirements into so-called abuse frames to represent the notion of a security threat imposed by malicious users in a particular problem context. We suggest how abuse frames can provide a means for bounding the scope of security problems in order to analyse security threats and derive security requirements.
CITATION STYLE
Lin, L., Nuseibeh, B., Ince, D., Jackson, M., & Moffett, J. (2003). Introducing abuse frames for analysing security requirements. In Proceedings of the IEEE International Conference on Requirements Engineering (Vol. 2003-January, pp. 371–372). IEEE Computer Society. https://doi.org/10.1109/ICRE.2003.1232791
Mendeley helps you to discover research relevant for your work.