Misuse Cases: Use Cases with Hostile Intent Presented by: Frank Xu Gannon University
Objectives • Understand what misuse cases are • Understand applications of misuse cases • eliciting requirements • eliciting exceptions • developing test cases
Use Cases • Individual use case describes • how a particular actor(agent) interacts with the system to achieve a result of value to the specific actor. • The set of all use cases together describes • the complete behavior of the system. • A use-case model • provide graphical overview of actors, use cases, and their dependency.
Drive the car Park the car Lock the car
Misuse Cases • The scenarios in which such 'negative' agents attempt to defeat the system under design
Misuse Case • Misuse cases are negative use cases • Actor is a hostile agent
Applications of Misuse Cases • Eliciting functional requirements • Eliciting nonfunctional requirements • Eliciting exceptions • Developing test cases
Eliciting Non-functional Requirements “The car shall be constructed to the intrusion resistance defined in STD-123-456.”
Eliciting Safety Requirements • Misuse Cases are not limited to eliciting Security Requirements, or threats from human agents. • A negative agent such as bad weather can be represented as a misuse case • Drivers may lose control of their cars if the road is covered in ice or wet leaves • The weather as an agent 'intending' to make the car skid.
Eliciting Exceptions • An exception is an undesired event that could cause a system to fail. • “What could they do to make this go wrong?” • Divided by 0 • Handling such exception lead to resumption of normal operations, or lead to a safe shutdown. • GE locomotive – satellite signal transmitting vs. weather
Eliciting Test Cases • Products of use/misuse-case analysis that can contribute to effective test planning include • Specific failure modes (for real-time, embedded, and safety related systems) • Security threats model (for distributed commercial and government systems) • Exception-handling scenarios (always useful, often directly translating to test scripts)
Key points • Misuse Case models are a promising approach for • Eliciting functional requirements • Eliciting various non-functional requirements, such as for security, safety, etc • Identifying threats to system operation • Identifying ways of neutralizing those threats
Reference I. Alexander, "Misuse Cases: Use Cases with Hostile Intent," IEEE Software, vol. 20, no. 1, pp. 58-66, Jan/Feb, 2003.