Misuse Cases: Use Cases with Hostile Intent Presented by: Frank Xu Gannon University.

Presentation transcript:

Objectives
Understand what misuse cases are
Understand applications of misuse cases
  ▫ eliciting requirements
  ▫ eliciting exceptions
  ▫ developing test cases

Use Cases
An individual use case describes
  ▫ how a particular actor (agent) interacts with the system to achieve a result of value to that actor.
The set of all use cases together describes
  ▫ the complete behavior of the system.
A use-case model
  ▫ provides a graphical overview of actors, use cases, and their dependencies.

[Use-case diagram: Drive the car, Park the car, Lock the car]

Misuse Cases
The scenarios in which such 'negative' agents attempt to defeat the system under design

Misuse Case
Misuse cases are negative use cases
Actor is a hostile agent

Applications of Misuse Cases
Eliciting functional requirements
Eliciting nonfunctional requirements
Eliciting exceptions
Developing test cases

Eliciting Functional requirements

Eliciting Functional Requirements

Eliciting Non-functional Requirements
“The car shall be constructed to the intrusion resistance defined in STD ”

Eliciting Safety Requirements
Misuse cases are not limited to eliciting security requirements, or threats from human agents.
A negative agent such as bad weather can be represented as a misuse case
  ▫ Drivers may lose control of their cars if the road is covered in ice or wet leaves
  ▫ The weather as an agent 'intending' to make the car skid.

Eliciting Safety Requirements

Eliciting “-ility” Requirements
Nonfunctional requirements | Negative agents
Reliability | Human error, storms, design errors, interference on telecommunication links
Maintainability and Portability | Inflexible design, incompatible platform
Usability | Poorly designed user interface

Eliciting Exceptions
An exception is an undesired event that could cause a system to fail.
  ▫ “What could they do to make this go wrong?”
  ▫ Divided by 0
Handling such an exception leads to resumption of normal operations, or to a safe shutdown.
  ▫ GE locomotive – satellite signal transmitting vs. weather

Eliciting Test Cases

Products of use/misuse-case analysis that can contribute to effective test planning include
  ▫ Specific failure modes (for real-time, embedded, and safety-related systems)
  ▫ Security threat models (for distributed commercial and government systems)
  ▫ Exception-handling scenarios (always useful, often directly translating to test scripts)

Key points
Misuse case models are a promising approach for
  ▫ Eliciting functional requirements
  ▫ Eliciting various non-functional requirements, such as for security, safety, etc.
  ▫ Identifying threats to system operation
  ▫ Identifying ways of neutralizing those threats

Reference
I. Alexander, "Misuse Cases: Use Cases with Hostile Intent," IEEE Software, vol. 20, no. 1, pp , Jan/Feb, 2003.

Questions?