Introducing abuse frames for analysing security requirements

  • Lin L
  • Nuseibeh B
  • Ince D
 et al. 
  • 24


    Mendeley users who have this article in their library.
  • 45


    Citations of this article.


We are developing an approach using Jackson's Problem Frames to analyse security problems in order to determine security vulnerabilities. We introduce the notion of an anti-requirement as the requirement of a malicious user that can subvert an existing requirement. We incorporate anti-requirements into so-called abuse frames to represent the notion of a security threat imposed by malicious users in a particular problem context. We suggest how abuse frames can provide a means for bounding the scope of security problems in order to analyse security threats and derive security requirements.

Author-supplied keywords

  • Automation
  • Computer science
  • Computer security
  • Design engineering
  • Engineering management
  • Information security
  • Internet
  • Mission critical systems
  • Protection
  • Systems engineering and theory

Get free article suggestions today

Mendeley saves you time finding and organizing research

Sign up here
Already have an account ?Sign in

Find this document


  • L. Lin

  • B. Nuseibeh

  • D. Ince

  • M. Jackson

  • J. Moffett

Cite this document

Choose a citation style from the tabs below

Save time finding and organizing research with Mendeley

Sign up for free