Misuse, Abuse, and Reuse: Economic utility functions for characterising security requirements
Negative use cases — in the form of ‘misuse’ or ‘abuse’ cases — have found a broad following within the security community due to their ability to make explicit the knowledge, assumptions and desires of stakeholders regarding real and perceived threats to systems. As an accepted threat modelling too...
| Main Authors: | , |
|---|---|
| Format: | Conference item |
| Published: |
Institute of Electrical and Electronics Engineers
2016
|
| _version_ | 1826306097015685120 |
|---|---|
| author | Heitzenrater, C Simpson, A |
| author_facet | Heitzenrater, C Simpson, A |
| author_sort | Heitzenrater, C |
| collection | OXFORD |
| description | Negative use cases — in the form of ‘misuse’ or ‘abuse’ cases — have found a broad following within the security community due to their ability to make explicit the knowledge, assumptions and desires of stakeholders regarding real and perceived threats to systems. As an accepted threat modelling tool, they have become a standard part of many Secure Software Engineering (SSE) processes. Despite this widespread adoption, aspects of the original misuse case concept have yet to receive a formal treatment in the literature. This paper considers the application of economic utility functions within the negative use case development process, as a means of addressing existing challenges. We provide a simple demonstration of how existing practice might integrate economic factors to describe the business, management and functional concerns that surround system security and software development. |
| first_indexed | 2024-03-07T06:42:46Z |
| format | Conference item |
| id | oxford-uuid:f9d9cc4d-33fc-4ff2-98a9-7d6acf3e4d6b |
| institution | University of Oxford |
| last_indexed | 2024-03-07T06:42:46Z |
| publishDate | 2016 |
| publisher | Institute of Electrical and Electronics Engineers |
| record_format | dspace |
| spelling | oxford-uuid:f9d9cc4d-33fc-4ff2-98a9-7d6acf3e4d6b2022-03-27T13:01:09ZMisuse, Abuse, and Reuse: Economic utility functions for characterising security requirementsConference itemhttp://purl.org/coar/resource_type/c_5794uuid:f9d9cc4d-33fc-4ff2-98a9-7d6acf3e4d6bSymplectic Elements at OxfordInstitute of Electrical and Electronics Engineers2016Heitzenrater, CSimpson, ANegative use cases — in the form of ‘misuse’ or ‘abuse’ cases — have found a broad following within the security community due to their ability to make explicit the knowledge, assumptions and desires of stakeholders regarding real and perceived threats to systems. As an accepted threat modelling tool, they have become a standard part of many Secure Software Engineering (SSE) processes. Despite this widespread adoption, aspects of the original misuse case concept have yet to receive a formal treatment in the literature. This paper considers the application of economic utility functions within the negative use case development process, as a means of addressing existing challenges. We provide a simple demonstration of how existing practice might integrate economic factors to describe the business, management and functional concerns that surround system security and software development. |
| spellingShingle | Heitzenrater, C Simpson, A Misuse, Abuse, and Reuse: Economic utility functions for characterising security requirements |
| title | Misuse, Abuse, and Reuse: Economic utility functions for characterising security requirements |
| title_full | Misuse, Abuse, and Reuse: Economic utility functions for characterising security requirements |
| title_fullStr | Misuse, Abuse, and Reuse: Economic utility functions for characterising security requirements |
| title_full_unstemmed | Misuse, Abuse, and Reuse: Economic utility functions for characterising security requirements |
| title_short | Misuse, Abuse, and Reuse: Economic utility functions for characterising security requirements |
| title_sort | misuse abuse and reuse economic utility functions for characterising security requirements |
| work_keys_str_mv | AT heitzenraterc misuseabuseandreuseeconomicutilityfunctionsforcharacterisingsecurityrequirements AT simpsona misuseabuseandreuseeconomicutilityfunctionsforcharacterisingsecurityrequirements |