Misuse Cases: Use Cases with Hostile Intent

Humans have analyzed negative scenarios ever since they first sat around Ice Age campfires debating the dangers of catching a woolly rhinoceros: "What if it turns and charges us before it falls into the pit?" A more recent scenario is "What if the hackers launch a denial-of-service attack?" Modern systems engineers can employ a misuse case, the negative form of a use case, to document and analyze such scenarios. A misuse case is simply a use case from the point of view of an actor hostile to the system under design. Misuse cases have many possible applications and interact with use cases in interesting and helpful ways. The paper discusses the elicitation of safety requirements from failure cases and considers the interplay of design, functional, and nonfunctional requirements.

[1]  Mordechai Ben-Menachem,et al.  Writing effective use cases , 2001, SOEN.

[2]  Ken Frazer,et al.  Review of "Use cases, requirements in context by Daryl Kulak and Eamon Guiney." Addison-Wesley 2004 , 2004, SOEN.

[3]  I. Alexander,et al.  Introduction to systems engineering with use cases , 2002 .

[4]  Tim Kelly,et al.  Deriving safety requirements using scenarios , 2001, Proceedings Fifth IEEE International Symposium on Requirements Engineering.

[5]  Daryl Kulak,et al.  Use cases: requirements in context , 2000, SOEN.

[6]  Ivar Jacobson,et al.  Object-oriented software engineering - a use case driven approach , 1993, TOOLS.

[7]  Ian F. Alexander,et al.  Towards recyclable system requirements , 2002, Proceedings Ninth Annual IEEE International Conference and Workshop on the Engineering of Computer-Based Systems.

[8]  Colin Potts Metaphors of intent , 2001, Proceedings Fifth IEEE International Symposium on Requirements Engineering.

[9]  I. Alexander,et al.  Misuse cases help to elicit non-functional requirements , 2003 .

[10]  Andreas L. Opdahl,et al.  Templates for Misuse Case Description , 2001 .

[11]  Andreas L. Opdahl,et al.  Eliciting security requirements with misuse cases , 2004, Requirements Engineering.