원문정보
초록
영어
Abuse case has great support in identifying security threats and security requirements caused by outside attackers, but it has not been used to capture non-malicious deliberate acts for safety concerns that involves inside abusers. It is important to represent inside abusers in a model and distinguish them from inside intruders and outside attackers, since their behaviors are different. The intent of this paper is to propose a new extension of abuse case to identify deliberate acts of safety threats caused by inside abusers. A new notation vulnerable use case was introduced to express the actions that leads to threats from inside abusers, countermeasures were introduced by safety use cases, and new relationships were defined to clarify the interactions among use cases, vulnerable use cases, safety use cases and abuse cases. This enhanced model provided a way of capturing as much potential risks caused by inside abusers, and embed safety requirements in the early stage of the system development life cycle.
목차
1. Introduction
2. Terminologies
3. Related Works
3.1. Objectives
4. An Enhanced Abuse Case Model Including Inside Abuser
4.1. Enhanced Abuse Case Modeling Processes
4.2. Illustrative Example (e-healthcare system)
5. Discussions
6. Conclusions and Future Work
References