An Anti-Pattern for Misuse Cases

Mohammad Torabi Dashti, Saša Radomirović

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Misuse case analysis is a method for the elicitation, documentation, and communication of security requirements. It builds upon the well-established use case analysis method and is one of the few existing techniques dedicated to security requirements engineering. We present an anti-pattern for applying misuse cases, dubbed “orphan misuses.” Orphan misuse cases by and large ignore the system at hand, thus providing little insight into its security. Common symptoms include implementation-dependent threats and overly general, vacuous mitigations. We illustrate orphan misuse cases through examples, explain their negative consequences in detail, and give guidelines for avoiding them.
Original language: English
Title of host publication: Computer Security - ESORICS 2017 International Workshops, CyberICPS 2017 and SECPRE 2017, Revised Selected Papers
Subtitle of host publication: ESORICS 2017 International Workshops, CyberICPS 2017 and SECPRE 2017, Oslo, Norway, September 14-15, 2017, Revised Selected Papers
Editors: Sokratis K. Katsikas, Frederic Cuppens, Nora Cuppens, Costas Lambrinodakis, Christos Kalloniatis, John Mylopoulos, Annie Anton, Stefanos Gritzalis
Place of Publication: Switzerland
Publisher: Springer
Pages: 250-261
Number of pages: 12
Volume: 10683
ISBN (Electronic): 9783319728179
ISBN (Print): 9783319728162
DOIs: https://doi.org/10.1007/978-3-319-72817-9_16
Publication status: Published - 2018
Event: 1st International Workshop on SECurity and Privacy Requirements Engineering - Gamle museet / The old museum, Oslo, Norway
Duration: 14 Sep 2017 to 15 Sep 2017
https://samosweb.aegean.gr/secpre2017/

Publication series

Name: Lecture Notes in Computer Science
Volume: 10683
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 1st International Workshop on SECurity and Privacy Requirements Engineering
Abbreviated title: SECPRE 2017
Country: Norway
City: Oslo
Period: 14/09/17 to 15/09/17
Internet address: https://samosweb.aegean.gr/secpre2017/

Cite this

Dashti, M. T., & Radomirović, S. (2018). An Anti-Pattern for Misuse Cases. In S. K. Katsikas, F. Cuppens, N. Cuppens, C. Lambrinodakis, C. Kalloniatis, J. Mylopoulos, A. Anton, ... S. Gritzalis (Eds.), Computer Security - ESORICS 2017 International Workshops, CyberICPS 2017 and SECPRE 2017, Revised Selected Papers: ESORICS 2017 International Workshops, CyberICPS 2017 and SECPRE 2017, Oslo, Norway, September 14-15, 2017, Revised Selected Papers (Vol. 10683, pp. 250-261). (Lecture Notes in Computer Science; Vol. 10683). Switzerland: Springer. https://doi.org/10.1007/978-3-319-72817-9_16