Misuse case

Misuse case is a business process modeling tool used in the software development industry.

Another description of the difference is given by [8], which defines a use case as a completed sequence of actions that gives increased value to the user; by analogy, one could define a misuse case as a completed sequence of actions that results in loss for the organization or some specific stakeholder.

A developer or designer can then define the requirements of the user and the hacker in the same UML diagram, which in turn helps identify the security risks of the system.

In addition, it introduces two new relations to be used in the diagram: These new concepts together with the existing ones from use case give the following meta model, which is also found as fig.

Ways to increase the widespread adoption of the practice of misuse case development during earlier phases of application development are being considered: the sooner a flaw is found, the easier it is to find a patch and the lower the impact is on the final cost of the project.

Other research focuses on improving the misuse case to achieve its final goal: according to [13], "there is a lack on the application process, and the results are too general and can cause an under-definition or misinterpretation of their concepts".

The body of research on the subject demonstrates the knowledge, but beyond the academic world, the misuse case has not been broadly adopted.

System stakeholders should create their own misuse case charts for requirements that are specific to their own problem domains.
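A misuse case chart can also be kept as data, so that gaps in it are checked rather than spotted by eye. The following is an added example, not part of the original article: the online-shop actors and case names are constructed, and the relation names `threatens` and `mitigates` are assumptions made for this sketch.

```python
from collections import defaultdict

# Constructed model of a hypothetical online shop (all names are illustrative).
USE_CASES = {"Log in", "Place order",
             "Lock account after failed logins", "Validate order input"}
MISUSE_CASES = {"Guess password", "Tamper with order price", "Flood login page"}

# Assumed relations: a misuse case "threatens" a use case,
# and a use case "mitigates" a misuse case.
THREATENS = [("Guess password", "Log in"),
             ("Flood login page", "Log in"),
             ("Tamper with order price", "Place order")]
MITIGATES = [("Lock account after failed logins", "Guess password"),
             ("Validate order input", "Tamper with order price")]


def validate(use_cases, misuse_cases, threatens, mitigates):
    """Return errors for edges that name undeclared cases or point the wrong way."""
    errors = []
    for mis, use in threatens:
        if mis not in misuse_cases or use not in use_cases:
            errors.append(f"bad threatens edge: {mis!r} -> {use!r}")
    for use, mis in mitigates:
        if use not in use_cases or mis not in misuse_cases:
            errors.append(f"bad mitigates edge: {use!r} -> {mis!r}")
    return errors


def coverage(use_cases, misuse_cases, threatens, mitigates):
    """For each threatened use case, split its misuse cases into mitigated and open."""
    errors = validate(use_cases, misuse_cases, threatens, mitigates)
    if errors:
        raise ValueError("; ".join(errors))
    mitigated_by = defaultdict(set)
    for use, mis in mitigates:
        mitigated_by[mis].add(use)
    report = {}
    for mis, use in threatens:
        entry = report.setdefault(use, {"mitigated": {}, "open": []})
        if mitigated_by[mis]:
            entry["mitigated"][mis] = sorted(mitigated_by[mis])
        else:
            entry["open"].append(mis)  # a threat with no security requirement yet
    return report


if __name__ == "__main__":
    for use, entry in coverage(USE_CASES, MISUSE_CASES, THREATENS, MITIGATES).items():
        print(use, "| open:", entry["open"], "| mitigated:", entry["mitigated"])
```

Each entry under `open` is a misuse case for which the chart records no countermeasure, which is the point at which a security requirement is still missing.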

Once developed, a knowledge database can reduce the number of standard security flaws used by lambda hackers.

"It might be useful to create a specific notation for security functionality, or countermeasures that have been added to mitigate vulnerabilities and threats."

Example of the Misuse case principle, which could be used in thinking about capturing security requirements.