Introducing abuse frames for analysing security requirements

  • Lin L
  • Nuseibeh B
  • Ince D
 et al. 
  • 23


    Mendeley users who have this article in their library.
  • 41


    Citations of this article.


We are developing an approach using Jackson's Problem Frames to analyse security problems in order to determine security vulnerabilities. We introduce the notion of an anti-requirement as the requirement of a malicious user that can subvert an existing requirement. We incorporate anti-requirements into so-called abuse frames to represent the notion of a security threat imposed by malicious users in a particular problem context. We suggest how abuse frames can provide a means for bounding the scope of security problems in order to analyse security threats and derive security requirements.

Author-supplied keywords

  • Automation
  • Computer science
  • Computer security
  • Design engineering
  • Engineering management
  • Information security
  • Internet
  • Mission critical systems
  • Protection
  • Systems engineering and theory

Get free article suggestions today

Mendeley saves you time finding and organizing research

Sign up here
Already have an account ?Sign in

Find this document

Get full text


  • L. Lin

  • B. Nuseibeh

  • D. Ince

  • M. Jackson

  • J. Moffett

Cite this document

Choose a citation style from the tabs below

Save time finding and organizing research with Mendeley

Sign up for free