An Anti-Pattern for Misuse Cases

Mohammad Torabi Dashti, Saša Radomirović

Research output: Chapter in Book/Report/Conference proceedingConference contribution

261 Downloads (Pure)

Abstract

Misuse case analysis is a method for the elicitation, documentation, and communication of security requirements. It builds upon the well-established use case analysis method and is one of the few existing techniques dedicated to security requirements engineering. We present an anti-pattern for applying misuse cases, dubbed “orphan misuses.” Orphan misuse cases by and large ignore the system at hand, thus providing little insight into its security. Common symptoms include implementation-dependent threats and overly general, vacuous mitigations. We illustrate orphan misuse cases through examples, explain their negative consequences in detail, and give guidelines for avoiding them.
Original languageEnglish
Title of host publicationComputer Security - ESORICS 2017 International Workshops, CyberICPS 2017 and SECPRE 2017, Revised Selected Papers
Subtitle of host publicationESORICS 2017 International Workshops, CyberICPS 2017 and SECPRE 2017, Oslo, Norway, September 14-15, 2017, Revised Selected Papers
EditorsSokratis K. Katsikas, Frederic Cuppens, Nora Cuppens, Costas Lambrinodakis, Christos Kalloniatis, John Mylopoulos, Annie Anton, Stefanos Gritzalis
Place of PublicationSwitzerland
PublisherSpringer
Pages250-261
Number of pages12
Volume10683
ISBN (Electronic)9783319728179
ISBN (Print)9783319728162
DOIs
Publication statusPublished - 2018
Event1st International Workshop on SECurity and Privacy Requirements Engineering - Gamle museet / The old museum, Oslo, Norway
Duration: 14 Sep 201715 Sep 2017
https://samosweb.aegean.gr/secpre2017/

Publication series

NameLecture Notes in Computer Science
Volume10683
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference1st International Workshop on SECurity and Privacy Requirements Engineering
Abbreviated titleSECPRE 2017
CountryNorway
CityOslo
Period14/09/1715/09/17
Internet address

Fingerprint Dive into the research topics of 'An Anti-Pattern for Misuse Cases'. Together they form a unique fingerprint.

  • Cite this

    Dashti, M. T., & Radomirović, S. (2018). An Anti-Pattern for Misuse Cases. In S. K. Katsikas, F. Cuppens, N. Cuppens, C. Lambrinodakis, C. Kalloniatis, J. Mylopoulos, A. Anton, & S. Gritzalis (Eds.), Computer Security - ESORICS 2017 International Workshops, CyberICPS 2017 and SECPRE 2017, Revised Selected Papers: ESORICS 2017 International Workshops, CyberICPS 2017 and SECPRE 2017, Oslo, Norway, September 14-15, 2017, Revised Selected Papers (Vol. 10683, pp. 250-261). (Lecture Notes in Computer Science; Vol. 10683). Springer . https://doi.org/10.1007/978-3-319-72817-9_16