15th Annual Computer Security Applications Conference
December 6-10, 1999
Phoenix, Arizona

Using Abuse Case Models for Security Requirements Analysis

Chris Fox, mcdermot@cs.jmu.edu
John McDermott

James Madison Univ., USA

A valid security engineering process is a complex activity involving many special work products: security objectives, security requirements, security policies, functional specifications, and security policy models. The work products and the relationships between them can be hard to understand, even for persons with a strong technical background but little knowledge of security engineering.

Security specialists use mathematical security models to understand security problems and find solutions for them. Use of these models is essential to the creation of trustworthy information security products, but they are not easily understood by persons who are not security specialists. They must be interpreted for the system to which they are applied. Security specialists can construct these interpretations, but the construction can be time-consuming.

On the other hand, market forces are driving software practitioners who are not security specialists to develop software that requires security features. When these practitioners develop software solutions without appropriate security-specific processes and models, they sometimes fail to produce effective solutions.

While we do not have a solution to this problem, we have adapted a proven object-oriented modeling technique, use cases, to capture and analyze security requirements in a simple way. We call the adaptation an abuse case model. As we employ it, an abuse case model is considerably easier to understand than a mathematical security model. Its relationship to other security engineering work products is relatively simple from a user perspective.