17th Annual Computer Security Applications Conference
December 10-14, 2001
New Orleans, Louisiana

Abuse-Case-Based Assurance Arguments

John McDermott
Naval Research Laboratory

This paper describes an extension to abuse-case-based security requirements analysis that provides a lightweight means of increasing assurance in security-relevant software. The approach is adaptable to lightweight software development processes but results in a concrete and explicit assurance argument. Like abuse-case-based security requirements analysis, this approach is suitable for use in projects without security experts. When used in this way (without security experts), it will not produce as much assurance as the more traditional alternatives, but it will arguably give better results than ad hoc consideration of security issues.

Keywords: assurance, use case, abuse case, security
