
AFMUC- Restriction Rules.

Source: NIAID Data Ecosystem (indexed 2026-05-10)
Download link:
https://figshare.com/articles/dataset/AFMUC-_Restriction_Rules_/30115605
Description:
Software applications are essential for managing daily life activities, including social interactions and business transactions, which significantly increases the need for security when sharing sensitive information. Misuse case modeling is used to identify and analyze security requirements in software applications. However, security threats and their corresponding mitigations are inherently crosscutting concerns. These concerns are scattered and tangled within multiple functional requirements and cannot be modularized using traditional object-oriented techniques. The realization of misuse cases causes crosscutting threats and corresponding mitigations to be scattered and tangled across use cases, resulting in ambiguity, incomplete understanding, and insufficient analysis of security requirements. This study proposes a misuse case modeling method called Aspect-oriented Formalized Misuse Case (AFMUC). It specifies crosscutting security threats separately as an aspect misuse case and integrates them with use cases using an aspect-oriented approach. AFMUC provides structured guidelines and restriction rules for modeling crosscutting security threats and corresponding mitigations using aspect-oriented constructs such as Pointcut, Joinpoint Advice, and Introduction. The aspect threat model is then woven into the base use case model. Similarly, an aspect mitigation model is proposed to specify crosscutting mitigations following the AFMUC restriction rules. The aspect mitigation model is then woven into the base misuse case model. The proposed approach is applied to a case study and evaluated through a controlled experiment involving twenty-four students with a background in information security. The findings indicate that the AFMUC approach is practical and unambiguous for specifying and analyzing crosscutting security requirements. However, some aspect-oriented modeling constructs and restriction rules were misapplied by students. This shows that while students favored the AFMUC approach, they may have found it challenging to apply the aspect-oriented constructs and restriction rules due to limited exposure to aspect-oriented modeling.

Created:
2025-09-12