Abstract
Misuse case analysis is a method for the elicitation, documentation, and communication of security requirements. It builds upon the well-established use case analysis method and is one of the few existing techniques dedicated to security requirements engineering. We present an anti-pattern for applying misuse cases, dubbed “orphan misuses.” Orphan misuse cases by and large ignore the system at hand, thus providing little insight into its security. Common symptoms include implementation-dependent threats and overly general, vacuous mitigations. We illustrate orphan misuse cases through examples, explain their negative consequences in detail, and give guidelines for avoiding them.
Original language | English |
---|---|
Title of host publication | Computer Security - ESORICS 2017 International Workshops, CyberICPS 2017 and SECPRE 2017, Revised Selected Papers |
Subtitle of host publication | ESORICS 2017 International Workshops, CyberICPS 2017 and SECPRE 2017, Oslo, Norway, September 14-15, 2017, Revised Selected Papers |
Editors | Sokratis K. Katsikas, Frederic Cuppens, Nora Cuppens, Costas Lambrinodakis, Christos Kalloniatis, John Mylopoulos, Annie Anton, Stefanos Gritzalis |
Place of Publication | Switzerland |
Publisher | Springer |
Pages | 250-261 |
Number of pages | 12 |
Volume | 10683 |
ISBN (Electronic) | 9783319728179 |
ISBN (Print) | 9783319728162 |
Publication status | Published - 2018 |
Event | 1st International Workshop on SECurity and Privacy Requirements Engineering - Gamle museet / The old museum, Oslo, Norway; Duration: 14 Sept 2017 → 15 Sept 2017; https://samosweb.aegean.gr/secpre2017/ |
Publication series
Name | Lecture Notes in Computer Science |
---|---|
Volume | 10683 |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Conference
Conference | 1st International Workshop on SECurity and Privacy Requirements Engineering |
---|---|
Abbreviated title | SECPRE 2017 |
Country/Territory | Norway |
City | Oslo |
Period | 14/09/17 → 15/09/17 |
ASJC Scopus subject areas
- Theoretical Computer Science
- General Computer Science