Many security breaches occur because vulnerabilities within the system are exploited. Vulnerabilities are weaknesses in the requirements, design, and implementation, which attackers exploit to compromise the system. This paper proposes a methodological framework for security requirements elicitation and analysis centered on vulnerabilities. The framework offers modeling and analysis facilities to assist system designers in analyzing vulnerabilities and their effects on the system; identifying potential attackers and analyzing their behavior for compromising the system; and identifying and analyzing the countermeasures to protect the system. The framework proposes a qualitative goal model evaluation analysis for assessing the risks of vulnerability exploitation and analyzing the impact of countermeasures on such risks.

Original language: English
Pages (from-to): 41-62
Number of pages: 22
Journal: Requirements Engineering
Issue number: 1
Publication status: Published - Mar 2010
Externally published: Yes

    Research areas

  • Agent-oriented software engineering, Empirical security knowledge, Risk analysis, Security requirements engineering

ID: 32866267