TITLE:
Refining Use/Misuse/Mitigation Use Cases for Security Requirements
AUTHORS:
Joshua J. Pauli
KEYWORDS:
Use Case, Misuse Case, Mitigation Use Case, Requirements, Security Engineering
JOURNAL NAME:
Journal of Software Engineering and Applications, Vol.7 No.8, July 8, 2014
ABSTRACT:
We investigate security at the same time as the functional requirements by refining and integrating use,
misuse, and mitigation use cases. Security requirements rely on the
interactions among normal system execution (use cases), attacks (misuse cases),
and necessary security strategies (mitigation use cases), but previous
approaches only use a high level of abstraction. We use refinement to uncover details
of each case and the relationships among them before integrating them. We
identify and model “includes” and “extends” relationships within each refined
case type, and use a condition-driven process that maintains these
relationships as refinement continues. We then systematically identify and
model “threatens” and “mitigates” relationships to integrate the cases at a
detailed level.