Enhanced Misuse Case Model: A Security Requirement Analysis and Specification Model

An information security system of a public or private organization should be developed securely and cost-effectively by using security engineering and software engineering technologies, as well as a security requirement specification (SRS). We present the E-MUC model, an analysis and specification model for security requirements based on UML, and a development process that uses the E-MUC model. Our approach is based on the paradigm of the Common Criteria (ISO/IEC 15408), which is an international set of evaluation criteria for information security products, and of the PP, which is a common security functional requirement specification for specific types of information security product.
