Defining Misuse within the Development Process

abstraction a use case model offers makes it an appropriate starting point for software security analysis and design activities. In contrast, a misuse case describes potential system behaviors that a system's stakeholders deem unacceptable. In a misuse case, at least one threat (or, in more common parlance, attacker) serves as an actor. Thus, a misuse case conveys each threat actor's goals in misusing the system. It's important that these misuses either represent high-probability attacks or high-impact events that negatively affect the system's legitimate stakeholders. Misuse cases should be at a level of detail that drives design activities. By considering conceptual attacks, such as types of theft, privacy violation, and denial of service, the misuse case prevents modeling analysts from becoming stymied or inappropriately mired in unimportant (at the time) technical details. Like use case models, misuse cases are iteratively refined throughout the software development life cyc...
Gunnar Peterson, John Steven
Added 12 Dec 2010
Updated 12 Dec 2010
Type Journal
Year 2006
Authors Gunnar Peterson, John Steven