View article

In this position paper, we present our interdisciplinary research into a unified account of profiling attackers for software-intensive systems. Our work draws on the principles from requirements engineering and criminology. Specifically, we show how a unified crime theory can be adapted to model the attackers and their degree of knowledge about the environment in which the software operates. We illustrate our approach through an example based on i* and data flow modeling, and discuss future research directions indicated by our preliminary results.