Describing early security requirements using use case maps

Jameleddine Hassine*, Abdelwahab Hamou-Lhadj

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

1 Scopus citations


Non-functional requirements (NFR), such as availability, usability, performance, and security are often crucial in producing a satisfactory software product. Therefore, these non-functional requirements should be addressed as early as possible in the software development life cycle. Contrary to other non-functional requirements, such as usability and performance, security concerns are often postponed to the very end of the design process. As a result, security requirements have to be tailored into an existing design, leading to serious design challenges that usually translate into software vulnerabilities. In this paper, we present a novel approach to describe high-level security requirements using the Use Case Maps (UCM) language of the ITU-T User Requirements Notation (URN) standard. The proposed approach is based on a mapping to UCM models of a set of security architectural tactics that describe security design measures in a very general, abstract, and implementation-independent way. The resulting security extensions are described using a metamodel and implemented within the jUCMNav tool. We illustrate our approach using a UCM scenario describing the modification of consultants’ pay rates.

Original languageEnglish
Title of host publicationSDL 2015
Subtitle of host publicationModel-Driven Engineering for Smart Cities - 17th International SDL Forum, Proceedings
EditorsIna Schieferdecker, Rick Reed, Joachim Fischer, Markus Scheidgen
PublisherSpringer Verlag
Number of pages16
ISBN (Print)9783319249117
StatePublished - 2015

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Bibliographical note

Publisher Copyright:
© Springer International Publishing Switzerland 2015.


  • Feature modeling
  • GRL
  • Goal evaluation
  • Goal modeling
  • URN

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'Describing early security requirements using use case maps'. Together they form a unique fingerprint.

Cite this