Requirements Engineering

, Volume 10, Issue 1, pp 34–44 | Cite as

Eliciting security requirements with misuse cases

  • Guttorm SindreEmail author
  • Andreas L. Opdahl
Original Article


Use cases have become increasingly common during requirements engineering, but they offer limited support for eliciting security threats and requirements. At the same time, the importance of security is growing with the rise of phenomena such as e-commerce and nomadic and geographically distributed work. This paper presents a systematic approach to eliciting security requirements based on use cases, with emphasis on description and method guidelines. The approach extends traditional use cases to also cover misuse, and is potentially useful for several other types of extra-functional requirements beyond security.


Security requirements Use cases Scenarios Extra-functional requirements Requirements elicitation Requirements determination Requirements specification Requirements analysis 


  1. 1.
    Jacobson I et al (1992) Object-oriented software engineering: a use case driven approach. Addison-Wesley, BostonGoogle Scholar
  2. 2.
    Constantine LL, Lockwood LAD (1999) Software for use: a practical guide to the models and methods of usage-centered design. ACM Press, New YorkGoogle Scholar
  3. 3.
    Cockburn A (2001) Writing effective use cases. Addison-Wesley, BostonGoogle Scholar
  4. 4.
    Rumbaugh J (1994) Getting started: using use cases to capture requirements. J Object Orient Prog 7(5):8–23Google Scholar
  5. 5.
    Kulak D, Guiney E (2000) Use cases: requirements in context. ACM Press, New YorkGoogle Scholar
  6. 6.
    Weidenhaupt K et al (1998) Scenario usage in system development: a report on current practice. IEEE Software 15(2):34–45CrossRefGoogle Scholar
  7. 7.
    Arlow J (1998) Use cases, UML visual modelling and the trivialisation of business requirements. Req Eng 3(2):150–152Google Scholar
  8. 8.
    Lilly S (1999) Use case pitfalls: top 10 problems from real projects using use cases. In: Proceedings of TOOLS USA 1999, IEEE Computer Society, Santa Barbara, CaliforniaGoogle Scholar
  9. 9.
    Anton AI et al (2001) Deriving goals from a use case based requirements specification. Req Eng 6(1):63–73Google Scholar
  10. 10.
    CCIMB (1999) Common criteria for information technology security evaluation. Technical report, CCIMB-99–031, Common Criteria Implementation BoardGoogle Scholar
  11. 11.
    ECMA (1999) ECMA protection profile: E-COFC public business class. Technical report, TR/78, ECMA International, Geneva, SwitzerlandGoogle Scholar
  12. 12.
    Crook R et al (2002) Security requirements engineering: when anti-requirements hit the fan. In: Proceedings of the 10th anniversary IEEE international requirements engineering conference (RE‘02), Essen, GermanyGoogle Scholar
  13. 13.
    Pohl K (1994) The three dimensions of requirements engineering: a framework and its applications. Inform Syst 19(3):243–258CrossRefGoogle Scholar
  14. 14.
    Loucopoulos P, Karakostas V (1995) Systems requirements engineering. McGraw-Hill, LondonGoogle Scholar
  15. 15.
    Kotonya G, Sommerville I (1997) Requirements engineering: processes and techniques. Wiley, ChichesterGoogle Scholar
  16. 16.
    Mylopoulos J, Chung L, Yu E (1999) From object-oriented to goal-oriented requirements analysis. Commun ACM 42(1):31–37CrossRefGoogle Scholar
  17. 17.
    Sindre G, Opdahl AL (2000) Eliciting security requirements by misuse cases. In: Proceedings of TOOLS Pacific 2000, Sydney, AustraliaGoogle Scholar
  18. 18.
    Sindre G, Opdahl AL (2001) Templates for misuse case description. In: Proceedings of the 7th international workshop on requirements engineering: foundation for software quality (REFSQ’01), Interlaken, SwitzerlandGoogle Scholar
  19. 19.
    McDermott J, Fox C (1999) Using abuse case models for security requirements analysis. In: Proceedings of the 15th annual computer security applications conference (ACSAC’99), Phoenix, ArizonaGoogle Scholar
  20. 20.
    McDermott J (2001) Abuse-case-based assurance arguments. In: Proceedings of the 17th annual computer security applications conference (ACSAC’01), New Orleans, Los AngelesGoogle Scholar
  21. 21.
    Potts C (2001) Scenario noir (panel statement, p 2). In: Proceedings of the symposium on requirements engineering for information security (SREIS’01), IndianapolisGoogle Scholar
  22. 22.
    Alexander IF (2002) Initial industrial experience of misuse cases in trade-off analysis. In: Proceedings of the 10th anniversary IEEE international requirements engineering conference (RE’02), Essen, GermanyGoogle Scholar
  23. 23.
    Alexander IF (2002) Modelling the interplay of conflicting goals with use and misuse cases. In: Proceedings of the 8th international workshop on requirements engineering: foundation for software quality (REFSQ’02), Essen, GermanyGoogle Scholar
  24. 24.
    Alexander IF (2003) Misuse cases, use cases with hostile intent. IEEE Software 20(1):58–66CrossRefGoogle Scholar
  25. 25.
    Ellison R et al (1999) Survivable network system analysis: a case study. IEEE Software 16(4):70–77CrossRefGoogle Scholar
  26. 26.
    Firesmith D (2003) Security use cases. J Object Tech 2(3):53–64Google Scholar
  27. 27.
    OMG (2003) Unified modeling language, version 1.5. Object Management Group, Inc. Cited 21 Nov 2003
  28. 28.
    Sindre G, Opdahl AL, Breivik GF (2002) Generalization/specialization as a structuring mechanism for misuse cases. In: Proceedings of the 2nd symposium on requirements engineering for information security (SREIS’02), Raleigh, North CarolinaGoogle Scholar
  29. 29.
    Kruchten P (2000) The rational unified process—an introduction. Addison-Wesley, BostonGoogle Scholar
  30. 30.
    Sindre G, Firesmith D, Opdahl AL (2003) A reuse-based approach to determining security requirements. In: Proceedings of the 9th international workshop on requirements engineering: foundation for software quality (REFSQ’03), Klagenfurt, AustriaGoogle Scholar
  31. 31.
    Viega J, McGraw G (2002) Building secure software: how to avoid security problems the right way. Addison-Wesley, BostonGoogle Scholar
  32. 32.
    Andress M (2002) Surviving security: how to integrate people, process, and technology. Sams Publishing, IndianapolisGoogle Scholar
  33. 33.
    Devanbu PT, Stubblebine S (2000) Software engineering for security: a roadmap. In: Proceedings of the 22nd international conference on software engineering (ICSE 2000), future of software engineering track, Limerick, IrelandGoogle Scholar
  34. 34.
    Carroll JM, Swatman PA (1999) Managing the RE process: lessons from commercial practice. In: Proceedings of the 5th international workshop on requirements engineering: foundations of software quality (REFSQ’99), Heidelberg, GermanyGoogle Scholar
  35. 35.
    den Braber F et al (2002) Model-based risk management using UML and UP. In: Proceedings of the 13th IRMA international conference: issues and trends of information technology management in contemporary organizations (IRMA’2002), Seattle, WashingtonGoogle Scholar
  36. 36.
    Houmb S-H et al (2002) Towards a UML profile for model-based risk assessment. In: Proceedings of the UML’2002 satellite workshop on critical systems development with UML (CSD-UML’02), Dresden, GermanyGoogle Scholar
  37. 37.
    Breivik GF (2002) Abstract misuse patterns—a new approach to security requirements. Masters thesis, Department of Information Science, University of BergenGoogle Scholar
  38. 38.
    OWASP (2001) Application security attack components. The open web application security project. Cited 21 Sept 2002
  39. 39.
    Hickey A, Davis AM (2003) Elicitation technique selection: how do experts do it? In: Proceedings of the 11th IEEE international requirements engineering conference (RE’03), Monterey, CaliforniaGoogle Scholar
  40. 40.
    Coughlan J, Macredie RD (2002) Effective communication in requirements elicitation: a comparison of methodologies. Req Eng 7:47–60CrossRefGoogle Scholar
  41. 41.
    Potts C (1995) Using schematic scenarios to understand user needs. In: Proceedings of the ACM symposium on designing interactive systems: processes, practices, and techniques (DIS’95), Ann Arbor, MichiganGoogle Scholar
  42. 42.
    Anton AI, Earp JB (2000) Strategies for developing policies and requirements for secure electronic commerce systems. In: Proceedings of the 1st ACM workshop on security and privacy in e-commerce, Athens, GreeceGoogle Scholar
  43. 43.
    van Lamsweerde A, Letier E (2000) Handling obstacles in goal-oriented requirements engineering. IEEE T Software Eng 26(10):978–1005CrossRefGoogle Scholar
  44. 44.
    Maiden NAM et al (1998) CREWS-SAVRE: systematic scenario generation and use. In: Proceedings of the 3rd IEEE international conference on requirements engineering (ICRE’98), Colorado Springs, ColoradoGoogle Scholar
  45. 45.
    Rolland C, Souveyet C, Achour-Salinesi CB (1998) Guiding goal models using scenarios. IEEE T Software Eng 24(12):1055–1071CrossRefGoogle Scholar
  46. 46.
    Achour-Salinesi CB et al (1999) Guiding use case authoring: results from an empirical study. In: Proceedings of the 4th international symposium on requirements engineering (RE’99), Limerick, IrelandGoogle Scholar
  47. 47.
    Abrahamsson P et al (2003) New directions on agile methods: a comparative analysis. In: Proceedings of the 25th international conference on software engineering (ICSE’03), Portland, OregonGoogle Scholar
  48. 48.
    Liu L et al (2003) Security and privacy requirements analysis within a social setting. In: Proceedings IEEE international conference on requirements engineering (RE’03), Monterey, CaliforniaGoogle Scholar
  49. 49.
    Amoroso EJ (1994) Fundamentals of computer security technology. Prentice-Hall, Englewood CliffsGoogle Scholar
  50. 50.
    Schneier B (2000) Secrets and lies: digital security in a networked world. Wiley, ChichesterGoogle Scholar
  51. 51.
    Moberg F (2000) Security analysis of an information system using an attack tree-based methodology. Masters thesis, Chalmers University of TechnologyGoogle Scholar
  52. 52.
    Chung L et al (2000) Non-functional requirements in software engineering. Kluwer, BostonGoogle Scholar
  53. 53.
    Lutz RR (2000) Software engineering for safety: a roadmap. In: Finkelstein A (ed) The future of software engineering, ACM Press, New YorkGoogle Scholar

Copyright information

© Springer-Verlag London Limited 2004

Authors and Affiliations

  1. 1.Department of Computer and Information ScienceNorwegian University of Science and Technology (NTNU)TrondheimNorway
  2. 2.Department of Information Science and Media StudiesUniversity of BergenNorway

Personalised recommendations