Integrating functional and security requirements with use case decomposition

11th IEEE International Conference on Engineering of Complex Computer Systems (ICECCS'06) Pub Date : 2006-08-15 DOI:10.1109/ICECCS.2006.59

Joshua J. Pauli, Dianxiang Xu

{"title":"Integrating functional and security requirements with use case decomposition","authors":"Joshua J. Pauli, Dianxiang Xu","doi":"10.1109/ICECCS.2006.59","DOIUrl":null,"url":null,"abstract":"Misuse case modeling is a viable option to depict the security requirements together with functional requirements. To investigate the interplay between functional and security requirements, this paper presents an approach to decomposing use cases, misuse cases, and mitigation use cases. We identify relationships among decomposed cases for each case type (use, misuse, mitigation use) and ensure consistency among the cases as decomposition occurs by properly modeling shared and optional cases. We also assign applicable actors to the decomposed cases. Decomposition is conducted for each case type independently and then integrated with the \"threatens\" and \"mitigates\" relationships. We provide processes for the proper use of the \"threatens\" relationship between misuse cases and use cases and the \"mitigates\" relationship between mitigation use cases and misuse cases at different levels of abstraction. Thus, a complete set of security-centric requirements can be specified from the project outset to guide subsequent software development phases","PeriodicalId":269321,"journal":{"name":"11th IEEE International Conference on Engineering of Complex Computer Systems (ICECCS'06)","volume":"189 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2006-08-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"20","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"11th IEEE International Conference on Engineering of Complex Computer Systems (ICECCS'06)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICECCS.2006.59","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 20

Abstract

Misuse case modeling is a viable option to depict the security requirements together with functional requirements. To investigate the interplay between functional and security requirements, this paper presents an approach to decomposing use cases, misuse cases, and mitigation use cases. We identify relationships among decomposed cases for each case type (use, misuse, mitigation use) and ensure consistency among the cases as decomposition occurs by properly modeling shared and optional cases. We also assign applicable actors to the decomposed cases. Decomposition is conducted for each case type independently and then integrated with the "threatens" and "mitigates" relationships. We provide processes for the proper use of the "threatens" relationship between misuse cases and use cases and the "mitigates" relationship between mitigation use cases and misuse cases at different levels of abstraction. Thus, a complete set of security-centric requirements can be specified from the project outset to guide subsequent software development phases

查看原文本刊更多论文

将功能和安全需求与用例分解相集成

误用案例建模是描述安全性需求和功能需求的可行选择。为了研究功能需求和安全需求之间的相互作用，本文提出了一种分解用例、误用例和缓解用例的方法。我们确定每个案例类型(使用、误用、缓解使用)的分解案例之间的关系，并通过正确建模共享和可选案例来确保分解过程中案例之间的一致性。我们还为分解的案例分配了适用的参与者。对每个案例类型进行独立的分解，然后与“威胁”和“缓解”关系集成。我们提供了在不同抽象层次上正确使用滥用用例和用例之间的“威胁”关系以及缓解用例和滥用用例之间的“缓解”关系的过程。因此，一套完整的以安全为中心的需求可以从项目一开始就被指定，以指导后续的软件开发阶段

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

11th IEEE International Conference on Engineering of Complex Computer Systems (ICECCS'06)

自引率

0.00%

发文量