Misuse Cases: Use Cases with Hostile Intent - PowerPoint PPT Presentation

misuse cases use cases with hostile intent n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Misuse Cases: Use Cases with Hostile Intent PowerPoint Presentation
Download Presentation
Misuse Cases: Use Cases with Hostile Intent

play fullscreen
1 / 21
Misuse Cases: Use Cases with Hostile Intent
237 Views
Download Presentation
jennessa
Download Presentation

Misuse Cases: Use Cases with Hostile Intent

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Misuse Cases: Use Cases with Hostile Intent Presented by: Frank Xu Gannon University

  2. Objectives • Understand what misuse cases are • Understand applications of misuse cases • eliciting requirements • eliciting exceptions • developing test cases

  3. Use Cases • Individual use case describes • how a particular actor(agent) interacts with the system to achieve a result of value to the specific actor. • The set of all use cases together describes • the complete behavior of the system. • A use-case model • provide graphical overview of actors, use cases, and their dependency.

  4. Drive the car Park the car Lock the car

  5. Misuse Cases • The scenarios in which such 'negative' agents attempt to defeat the system under design

  6. Misuse Case • Misuse cases are negative use cases • Actor is a hostile agent

  7. Applications of Misuse Cases • Eliciting functional requirements • Eliciting nonfunctional requirements • Eliciting exceptions • Developing test cases

  8. Eliciting Functional requirements

  9. Eliciting Functional requirements

  10. Eliciting Functional Requirements

  11. Eliciting Functional Requirements

  12. Eliciting Non-functional Requirements “The car shall be constructed to the intrusion resistance defined in STD-123-456.”

  13. Eliciting Safety Requirements • Misuse Cases are not limited to eliciting Security Requirements, or threats from human agents. • A negative agent such as bad weather can be represented as a misuse case • Drivers may lose control of their cars if the road is covered in ice or wet leaves • The weather as an agent 'intending' to make the car skid.

  14. Eliciting Safety Requirements

  15. Eliciting “-ility” Requirements

  16. Eliciting Exceptions • An exception is an undesired event that could cause a system to fail. • “What could they do to make this go wrong?” • Divided by 0 • Handling such exception lead to resumption of normal operations, or lead to a safe shutdown. • GE locomotive – satellite signal transmitting vs. weather

  17. Eliciting Test Cases

  18. Eliciting Test Cases • Products of use/misuse-case analysis that can contribute to effective test planning include • Specific failure modes (for real-time, embedded, and safety related systems) • Security threats model (for distributed commercial and government systems) • Exception-handling scenarios (always useful, often directly translating to test scripts)

  19. Key points • Misuse Case models are a promising approach for • Eliciting functional requirements • Eliciting various non-functional requirements, such as for security, safety, etc • Identifying threats to system operation • Identifying ways of neutralizing those threats

  20. Reference I. Alexander, "Misuse Cases: Use Cases with Hostile Intent," IEEE Software, vol. 20,  no. 1,  pp. 58-66,  Jan/Feb,  2003.

  21. Questions?