Vulnerability Analysis Approach To Capturing Information System Safety Threats and Requirements
Source: Peking University
Abuse case has great support in identifying security threats and security requirements caused by outside attackers, but it has not been used to capture non-malicious deliberate acts for safety concerns that involves inside abusers. It is important to represent inside abusers in a model and distinguish them from inside intruders and outside attackers, since their behaviors are different. The intent of this paper is to propose a new extension of abuse case to identify deliberate acts of safety threats caused by inside abusers.