Security requirements elicitation and modelling are integral for the successful development of secure systems. However, there are a lot of similar yet not identical approaches that currently exist for security requirements modelling, which is confusing for researchers and practitioners; hence some characterisation will be useful to give a better overview and understanding of the advantages and disadvantages of various approaches. This paper provides a comparative review of i*-based and use case-based security modelling initiatives, using a characterisation framework with several dimensions. Our findings show that both categories of initiatives have significant conceptual similarities in the aspect of modelling language and method process, and coverage of security requirements modelling notions. They have conceptual differences in the aspect of: representation perspective, kind of security requirements engineering activities that are supported, the quality of specification that is generated and the specification techniques used, and the degree of support for software evolution.

-- DanielAmyot - 16 Mar 2014



Title A Comparative Review of i*-based and Use Case-based Security Modelling Initiatives
Authors O. Daramola, P. Yushan, P. Karpati, and G. Sindre
Type Conference
Conference/Journal Title Sixth Int. Conf. on Research Challenges in Information Science (RCIS 2012)
Publisher IEEE CS
Month May
Year 2012
Pages 1-12
DOI 10.1109/RCIS.2012.6240434
Keywords Security requirements, i*-based modelling, use-case based modelling, mis-use case maps