Title :
Using abuse frames to bound the scope of security problems
Author :
Lin, Luncheng ; Nuseibeh, Bashar ; Ince, Darrel ; Jackson, Michael
Author_Institution :
Dept. of Comput., Open Univ., Milton Keynes, UK
Abstract :
Security problems arise from the concern for protecting assets from security threats. In a systems development process, the security protection of a system is specified by security requirements, identified from the analysis of the threats to the system. However, as it is often not possible to obtain a full system description until late in the RE process, a security problem often has to be described in the context of a bounded scope, that is, one containing only the domains relevant to some part of the functionality of the full system. By binding the scope of a security problem, it can be described more explicitly and precisely, thereby facilitating the identification and analysis of threats, which in turn drive the elicitation and elaboration of security requirements. In this poster, we elaborate on an approach we developed based on abuse frames and suggest how it can provide a means for structuring and bounding the scope security problems.
Keywords :
formal specification; security of data; systems analysis; abuse frames; full system description; scope security problem; security protection; security requirements; security threat; system development; Counting circuits; Joining processes; Protection; Security; Systems engineering and theory; Terminology;
Conference_Titel :
Requirements Engineering Conference, 2004. Proceedings. 12th IEEE International
Print_ISBN :
0-7695-2174-6
DOI :
10.1109/ICRE.2004.1335698
