Using Malware Analysis in Security Requirements Elicitation

In traditional lifecycle models, use cases help developers identify requirements for their systems. Our research explores how developers can mine data from misuse cases to identify security requirements. Such requirements help developers address potential design flaws that can be exploited by attackers thereby resulting in more secure software.

SEI researchers and CMU students extended this work by creating an open-source tool, MORE, which allows developers to add information and search misuse cases, use cases, and overlooked requirements. Having this information enables developers to build more robust requirements that prevent security weaknesses in their products. Refer to Report Writer and Security Requirements Finder: User and Admin Manuals, published in 2016 by the SEI, for more information.

Use the MORE Tool

Bring the benefit of malware attack analysis to your product development.

Download

Explore Our Research

We're happy to provide more information about this research or the other work we are doing.

Contact Us