Refining Use/Misuse/Mitigation Use Cases for Security Requirements
Author affiliation: College of Business & Information Systems, Dakota State University, Madison, USA
Publication: Journal of Software Engineering and Applications (in English)
Year/Volume/Issue: 2014, Vol. 7, No. 8
Pages: 626-638
Subject classification: 081203 [Engineering - Computer Application Technology]; 08 [Engineering]; 0835 [Engineering - Software Engineering]; 0812 [Engineering - Computer Science and Technology (engineering or science degrees may be conferred)]
Subject: Use Case Misuse Case Mitigation Use Case Requirements Security Engineering
Abstract: We investigate security at the same time as the functional requirements by refining and integrating use, misuse, and mitigation use cases. Security requirements rely on the interactions among normal system execution (use cases), attacks (misuse cases), and necessary security strategies (mitigation use cases), but previous approaches only use a high level of abstraction. We use refinement to uncover details of each case and the relationships among them before integrating them. We identify and model “includes” and “extends” relationships within each refined case type, and use a condition-driven process that maintains these relationships as refinement continues. We then systematically identify and model “threatens” and “mitigates” relationships to integrate the cases at a detailed level.