Presentation is loading. Please wait.

Presentation is loading. Please wait.

SE 555 Software Requirements & Specification 1 Misuse Cases.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "SE 555 Software Requirements & Specification 1 Misuse Cases."— Presentation transcript:

1 SE 555 Software Requirements & Specification 1 Misuse Cases

2 SE 555 Software Requirements & Specification 2 Understanding Negative Scenarios A Scenario is a sequence of actions leading to a Goal desired by a stakeholder A Negative Scenario is a scenario whose Goal is –desired Not to occur by the organisation in question –desired by a hostile agent (not necessarily human)

3 SE 555 Software Requirements & Specification 3 Misuse Cases Guttorm Sindre and Andreas Opdahl, 2000 Actor is a Hostile Agent (Misactor) Bubble is drawn in inverted colours Goal is a Threat to Our System

4 SE 555 Software Requirements & Specification 4 A Chess Approach to Security Actor’s Best Move … is to find out Misactor’s Best Move, and counter it Misuse Case A 'threatens' Use Case B if achieving the goal of A reduces the system's ability to achieve the goal of B Use Case A 'mitigates' Misuse Case B if it reduces B's effects on the Use Cases that it 'threatens'. –Also sometimes prevents: the function provided by the use case that the arrow originates from, prevents the activation of the misuse case that the arrow is directed towards, sometimes. –detects: the function provided by the use case that the arrow originates from, detects the activation of the misuse case that the arrow is directed towards, sometimes. [3]

5 SE 555 Software Requirements & Specification 5

6 6 Anthropomorphize … for Safety UML's stick-man looks like 'human agent' but can be of any type (robot, system) Anthropomorphizing Forces of Nature is useful: it enables us to reason about threats to our systems Misuse Case helps to Elicit Subsystem Functions

7 SE 555 Software Requirements & Specification 7 Another example

8 SE 555 Software Requirements & Specification 8 Misuse Cases Identify NFRs Use Cases are weak on Nonfunctional Requirements (NFR) Misuse Cases naturally focus on NFRs, e.g. Safety Response is often a SubSystem Function, possibly to handle an Exception

9 SE 555 Software Requirements & Specification 9 Benefits of Misuse Cases Open a new avenue of exploration Contribute to searching systematically for exceptions, directed by the structure of the scenarios Offer immediate justification for the search and indicate the priority of the requirements discovered By personifying and anthropomorphizing the threats, add the force of metaphor to requirements elicitation Make the reasoning behind affected requirements immediately comprehensible

10 SE 555 Software Requirements & Specification 10 Applications of Misuse Cases Eliciting Security Requirements Eliciting Safety Requirements Identifying Exceptions Identifying Test Cases Design Trade-offs

11 SE 555 Software Requirements & Specification 11 Misuse Case Example

12 SE 555 Software Requirements & Specification 12

13 SE 555 Software Requirements & Specification 13 Misuse Case Example Name: Obtain Password Summary: A crook obtains and uses a password for e- shop by reading messages sent through a compromised network. Author and Date

14 SE 555 Software Requirements & Specification 14 Misuse Case Example Basic Path (bp0): (aka Primary Scenario) –The primary path of action taken, ending with success for the misactor and thus failure for the system and its owners. –Bp0-1 A crook hacks a host and installs IP sniffer –Bp0-2 (and extension point e-1): All packets with Login, password, etc are intercepted and analyzed –Bp0-3 Thus the crook collects likely username and password pairs –Bp0-4 The crook uses the stolen username and password pair to login illegally

15 SE 555 Software Requirements & Specification 15 Misuse Case Example Alternate Paths: –Alternate paths of completion of the scenario. Can highlight specific technologies or extreme data values that can be exploited. –Ap1: The crook has Superuser privileges (at Step 1) –AP2: The crook intercepts telephone messages from e-shop operator (at Step 2) –AP3: The crook intercepts e-shop operators portable device’s messages (at Step 3)

16 SE 555 Software Requirements & Specification 16 Misuse Case Example Capture Points –Used to represent the various ways in which misuse is prevented/detected. These work against the misactor. –CP1: Password does not work – changed (bp0-4) –CP2: Password does not work – expired (bp0-4) –CP3: Password does not work – different IP address (bp0-4) –CP4: Operator login restricted to special IP (bp0-4) –CP5: Communication uninterruptible (bp0-2)

17 SE 555 Software Requirements & Specification 17 Misuse Case Example Extension Points: –Shows optional actions which may be taken. They cover actions that the misactor wants to perform. –Ep1: Extends misuse case Tap Communications (in step bp0-2) Triggers: (in template - Under Preconditions) –conditions that describe situations where something else than the primary actor initiates the use case (such as timing). –Tr1: always true Preconditions: –conditions which can be ensured by the system itself –Pc1: Operator has special authority –Pc2: Operator allowed to login over the Internet

18 SE 555 Software Requirements & Specification 18 Misuse Case Example Assumptions: (in template under Preconditions) –conditions which must be true but which cannot be guaranteed by the system itself –As1: operator uses the network to login (for all paths) –As2: operator uses home phone to login (for ap2) –As3: operator uses home phone to login (for ap3) Worse case threat: (post condition) –Describes the outcome if the misuse succeeds. If alt paths, this condition will describe variations in the outcome. –Wc1: The crook gains operator access Prevention guarantee: (post condition) –Describes the guaranteed outcome whatever prevention path is followed. –Cg1: The crook never gets operator access

19 SE 555 Software Requirements & Specification 19 Misuse Case Example Potential Misactor Profile: –Highly skilled, possibly a network admin with criminal intent Stakeholders and Threats: –e-shop: Reduce turnover Lost consumer confidence –Customer: Privacy violation Potential economic loss Scope: Entire business environment

20 SE 555 Software Requirements & Specification 20 Methods for Building Misuse Cases 1.First build Use Cases with actors 2.Introduce major Misuse Cases 3.Identify potential relationships between Use Cases and Misuse Cases

21 SE 555 Software Requirements & Specification 21 References 1.Slides by Professor Stephanie Ludi RIT SE Department Winter Quarter 2006 2.Templates for Misuse Case Descriptions by Gottorm Sindre and Andreas L. Opdahl available at www.ifi.uib.no/conf/refsq2001/papers/p25.pdf 3.Capturing security requirements through Misuse Cases by Gottorm Sindre and Andreas L. Opdahl available at www.nik.no/2001/21-sindre.pdf www.nik.no/2001/21-sindre.pdf 4.Initial Industrial Experience of Misuse Cases in Trade-Off Analysis by Ian Alexander, available at http://easyweb.easynet.co.uk/~iany/consultancy/misuse_cases/misuse_cases_in_t radeoffs.htm http://easyweb.easynet.co.uk/~iany/consultancy/misuse_cases/misuse_cases_in_t radeoffs.htm 5.From Misuse cases to Colboration Diagrams by Zaid Dwaikat and Francesco Parisi-Presicce available at www.software.org/pub/externalpapers/papers/dwaikat- 2004-1.pdf 6.Thanks to work from Ian Alexander

Download ppt "SE 555 Software Requirements & Specification 1 Misuse Cases."

Similar presentations

Use-Cases.

Use-Cases.
Use Case & Use Case Diagram

Use Case & Use Case Diagram
1Spring 2005 Specification and Analysis of Information Systems Specifying Requirements with Use Case Diagrams Part II.

1Spring 2005 Specification and Analysis of Information Systems Specifying Requirements with Use Case Diagrams Part II.
© 2010 Bennett, McRobb and Farmer1 Use Case Description Supplementary material to support Bennett, McRobb and Farmer: Object Oriented Systems Analysis.

© 2010 Bennett, McRobb and Farmer1 Use Case Description Supplementary material to support Bennett, McRobb and Farmer: Object Oriented Systems Analysis.
Misuse Cases Use Cases with Hostile Intent Ian Alexander Independent Consultant

Misuse Cases Use Cases with Hostile Intent Ian Alexander Independent Consultant
CSC 593: Secure Software Engineering SeminarSlide #1 Misuse Cases: Use Cases With Hostile Intent Ian Alexander.

CSC 593: Secure Software Engineering SeminarSlide #1 Misuse Cases: Use Cases With Hostile Intent Ian Alexander.
Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.

Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.
Use-case Modeling.

Use-case Modeling.
CAP 252 Lecture Topic: Requirement Analysis Class Exercise: Use Cases.

CAP 252 Lecture Topic: Requirement Analysis Class Exercise: Use Cases.
Use Cases & Requirements Analysis By: Mostafa Elbarbary.

Use Cases & Requirements Analysis By: Mostafa Elbarbary.
Documenting Requirements using Use Case Diagrams

Documenting Requirements using Use Case Diagrams
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.
1 chapter: >> First Principles Krugman/Wells Economics

1 chapter: >> First Principles Krugman/Wells Economics
Adding the Detail Filling in Use Case Templates. Use Case Template The use case diagram is important for visualizing a system and as a communication tool.

Adding the Detail Filling in Use Case Templates. Use Case Template The use case diagram is important for visualizing a system and as a communication tool.
This section has been adapted from Dr. Scott Fleming of U. Memphis Details about Use Cases.

This section has been adapted from Dr. Scott Fleming of U. Memphis Details about Use Cases.
The first step in getting what you want is to decide what you want.

The first step in getting what you want is to decide what you want.
Use case diagrams A use case diagram is UML’s notation for showing the relationships among a set of use cases and actors A use case diagram can help the.

Use case diagrams A use case diagram is UML’s notation for showing the relationships among a set of use cases and actors A use case diagram can help the.
Motivation. Part of Deutsche Telekom project:

Motivation. Part of Deutsche Telekom project:
RUP Requirements RUP Artifacts and Deliverables

RUP Requirements RUP Artifacts and Deliverables
Use Case What is it?. Basic Definition Of who can do what within a system? TemplateDiagramModelDescription.

Use Case What is it?. Basic Definition Of who can do what within a system? TemplateDiagramModelDescription.

Similar presentations

Ads by Google