引入滥用框架以分析安全需求

Proceedings. 11th IEEE International Requirements Engineering Conference, 2003. Pub Date : 2003-09-08 DOI:10.1109/ICRE.2003.1232791

Luncheng Lin, B. Nuseibeh, D. Ince, M. Jackson, J. Moffett

{"title":"引入滥用框架以分析安全需求","authors":"Luncheng Lin, B. Nuseibeh, D. Ince, M. Jackson, J. Moffett","doi":"10.1109/ICRE.2003.1232791","DOIUrl":null,"url":null,"abstract":"We are developing an approach using Jackson's Problem Frames to analyse security problems in order to determine security vulnerabilities. We introduce the notion of an anti-requirement as the requirement of a malicious user that can subvert an existing requirement. We incorporate anti-requirements into so-called abuse frames to represent the notion of a security threat imposed by malicious users in a particular problem context. We suggest how abuse frames can provide a means for bounding the scope of security problems in order to analyse security threats and derive security requirements.","PeriodicalId":243621,"journal":{"name":"Proceedings. 11th IEEE International Requirements Engineering Conference, 2003.","volume":"2 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2003-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"111","resultStr":"{\"title\":\"Introducing abuse frames for analysing security requirements\",\"authors\":\"Luncheng Lin, B. Nuseibeh, D. Ince, M. Jackson, J. Moffett\",\"doi\":\"10.1109/ICRE.2003.1232791\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We are developing an approach using Jackson's Problem Frames to analyse security problems in order to determine security vulnerabilities. We introduce the notion of an anti-requirement as the requirement of a malicious user that can subvert an existing requirement. We incorporate anti-requirements into so-called abuse frames to represent the notion of a security threat imposed by malicious users in a particular problem context. We suggest how abuse frames can provide a means for bounding the scope of security problems in order to analyse security threats and derive security requirements.\",\"PeriodicalId\":243621,\"journal\":{\"name\":\"Proceedings. 11th IEEE International Requirements Engineering Conference, 2003.\",\"volume\":\"2 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2003-09-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"111\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings. 11th IEEE International Requirements Engineering Conference, 2003.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICRE.2003.1232791\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings. 11th IEEE International Requirements Engineering Conference, 2003.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICRE.2003.1232791","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 111

摘要

我们正在开发一种方法，使用Jackson的问题框架来分析安全问题，以确定安全漏洞。我们引入了反需求的概念，即恶意用户可能破坏现有需求的需求。我们将反需求合并到所谓的滥用框架中，以表示在特定问题上下文中恶意用户施加的安全威胁的概念。我们建议滥用框架如何提供一种方法来限定安全问题的范围，以便分析安全威胁并得出安全需求。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Introducing abuse frames for analysing security requirements

We are developing an approach using Jackson's Problem Frames to analyse security problems in order to determine security vulnerabilities. We introduce the notion of an anti-requirement as the requirement of a malicious user that can subvert an existing requirement. We incorporate anti-requirements into so-called abuse frames to represent the notion of a security threat imposed by malicious users in a particular problem context. We suggest how abuse frames can provide a means for bounding the scope of security problems in order to analyse security threats and derive security requirements.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings. 11th IEEE International Requirements Engineering Conference, 2003.

自引率

0.00%

发文量