期刊名称:International Journal of Software Engineering and Its Applications
印刷版ISSN:1738-9984
出版年度:2011
卷号:5
期号:4
出版社:SERSC
摘要:Abuse case has great support in identifying security threats and security requirements caused by outside attackers, but it has not been used to capture non-malicious deliberate acts for safety concerns that involves inside abusers. It is important to represent inside abusers in a model and distinguish them from inside intruders and outside attackers, since their behaviors are different. The intent of this paper is to propose a new extension of abuse case to identify deliberate acts of safety threats caused by inside abusers. A new notation vulnerable use case was introduced to express the actions that leads to threats from inside abusers, countermeasures were introduced by safety use cases, and new relationships were defined to clarify the interactions among use cases, vulnerable use cases, safety use cases and abuse cases. This enhanced model provided a way of capturing as much potential risks caused by inside abusers, and embed safety requirements in the early stage of the system development life cycle.
关键词:Abuse case; inside abuser; misuse case; safety threats; safety requirement;vulnerable use case
