Misuse Cases: Use Cases with Hostile Intent

@article{Alexander2003MisuseCU,
  title={Misuse Cases: Use Cases with Hostile Intent},
  author={Ian F. Alexander},
  journal={IEEE Softw.},
  year={2003},
  volume={20},
  pages={58-66}
}
  • I. Alexander
  • Published 2003
  • Engineering, Computer Science
  • IEEE Softw.
Humans have analyzed negative scenarios ever since they first sat around Ice Age campfires debating the dangers of catching a woolly rhinoceros: "What if it turns and charges us before it falls into the pit?" A more recent scenario is "What if the hackers launch a denial-of-service attack?" Modern systems engineers can employ a misuse case, the negative form of a use case, to document and analyze such scenarios. A misuse case is simply a use case from the point of view of an actor hostile to…
Misuse, Abuse and Reuse: Economic Utility Functions for Characterising Security Requirements
TLDR
This paper provides a simple demonstration of how existing practice might integrate economic factors to describe the business, management and functional concerns that surround system security and software development.
Developing Abuse Cases Based on Threat Modeling and Attack Patterns
TLDR
A method for developing abuse cases based on threat modeling and attack patterns has the potential to assist software engineers without high expertise in computer security to develop meaningful and useful abuse cases, and therefore reduce the security vulnerabilities in the software systems they develop.
Safety Hazard Identification by Misuse Cases: Experimental Comparison of Text and Diagrams
TLDR
This paper describes a controlled experiment comparing safety hazard identification by means of misuse cases based on use case diagrams and textual use cases; the experiment participants found use case graphs and text equally easy to use.
Misuse Cases for Identifying System Dependability Threats
TLDR
This paper looks into the possibility of applying misuse cases for other dependability factors in addition to security and safety, providing examples where misuse cases are applied for availability, reliability, and robustness.
Comparing attack trees and misuse cases in an industrial setting
TLDR
The industrial experiment confirms a central finding from the student experiments, that attack trees tend to help identify more threats than misuse cases, and presents a new result: that misuse cases tend to encourage identification of threats associated with earlier development stages than attack trees.
HARM: Hacker Attack Representation Method
TLDR
The proposed Hacker Attack Representation Method (HARM) combines well-known and recently developed security modeling techniques in order to represent complex and creative hacker attacks diagrammatically from multiple perspectives to facilitate overviews of intrusions on a general level.
Vulnerability Analysis Approach To Capturing Information System Safety Threats and Requirements
Abuse case has great support in identifying security threats and security requirements caused by outside attackers, but it has not been used to capture non-malicious deliberate acts for safety…
Refining Use/Misuse/Mitigation Use Cases for Security Requirements
We investigate security at the same time as the functional requirements by refining and integrating use, misuse, and mitigation use cases. Security requirements rely on the interactions among normal…
Visualizing Cyber Attacks with Misuse Case Maps
TLDR
The paper introduces misuse case maps, a new modelling technique that is the anti-behavioural complement to use case maps to visualize how cyber attacks are performed in an architectural context.
An Integration of Threat Modeling with Attack Pattern and Misuse Case for Effective Security Requirement Elicitation
TLDR
How misuse cases enhance the performance of threat modeling is investigated, and an effective way for security requirement elicitation by integrating threat modeling with attack pattern and misuse cases is described.

References

SHOWING 1-10 OF 22 REFERENCES
Eliciting security requirements with misuse cases
TLDR
This paper presents a systematic approach to eliciting security requirements based on use cases, with emphasis on description and method guidelines, and is potentially useful for several other types of extra-functional requirements beyond security.
Misuse cases help to elicit non-functional requirements
Use Cases are widely seen as suitable for defining functional requirements for software. There is controversy about the suitability of Use Cases for Systems other than Software, and for NonFunctional…
Templates for Misuse Case Description
TLDR
This paper discusses security-related misuse cases through a discussion of templates for their textual description and introduces the concept of misuse cases – inverted use cases to denote functions that should not be possible to perform in a system.
Review of "Use cases, requirements in context by Daryl Kulak and Eamon Guiney." Addison-Wesley 2004
TLDR
In “Managing Software Requirements” Leffingwell and Widrig have attempted to define the problem and present a well thought out, logical series of steps and techniques to resolve the requirements problem.
Writing effective use cases
TLDR
The authors indulge in a long-winded literature survey of planning systems and provide proofs of necessity, consistency, and optimality of their framework, that practitioners will no doubt find tiresome as the book is given the flavour of a PhD thesis.
Use cases: requirements in context
TLDR
A use case method for delivering a requirements-oriented set of deliverables and the methodology breaks down the activity of producing requirements into a series of steps, and it answers the questions that usually come up when people employ use cases.
Deriving safety requirements using scenarios
  • Karen Allenby, T. Kelly
  • Engineering, Computer Science
  • Proceedings Fifth IEEE International Symposium on Requirements Engineering
  • 2001
TLDR
Using the approach, it is possible to justifiably derive hazard-mitigation use cases as first class requirements from systematic hazard analysis of core design intent scenarios, and to conduct hazard analysis on use case requirements representations.
Introduction to systems engineering with use cases
Systems engineering copes with complexity by organising development hierarchically into subsystems, some being software. Use cases are organised collections of scenarios, used to define the purposes…
Towards recyclable system requirements
  • I. Alexander, Friedemann Kiedaisch
  • Computer Science
  • Proceedings Ninth Annual IEEE International Conference and Workshop on the Engineering of Computer-Based Systems
  • 2002
TLDR
This paper focuses on the early phase of software development and describes a planned approach to obtain high quality and well structured requirement specifications by revisiting development artifacts of former similar systems.
Metaphors of intent
  • C. Potts
  • Computer Science
  • Proceedings Fifth IEEE International Symposium on Requirements Engineering
  • 2001
TLDR
Two types of fundamental metaphors that recur throughout requirements engineering are investigated: reification of abstractions as material substances and containers; and anthropomorphisms, some of which have recently been codified by M. Jackson (2001) as problem frames.