MASG: Advanced Misuse Case Analysis Model with Assets and Security Goals
Takao Okubo, Kenji Taguchi, Haruhiko Kaiya, and Nobukazu Yoshioka.
Journal of Information
Processing, Vol. 22, No. 3, pp.
536-546, Jul. 2014,
Misuse case model and its development process are useful and practical for security requirements analysis,
but they require expertise especially about security assets and goals. To enable inexperienced requirements analysts
to elicit and to analyse security requirements, we present an extension of misuse case model and its development
process by incorporating new model elements, assets and security goals. We show its effectiveness from the quantitative
and qualitative results of a case study. According to the results, we conclude the extension and its process enable
inexperienced analysts to elicit security requirements as well as experienced analysts do.