Abuse case
   HOME

TheInfoList



Click Here for Items Related To - Abuse case
OR:
Abuse case on:   [Wikipedia]   [Google]   [Amazon]

Abuse case is a specification model for security requirements used in the software development industry. The term Abuse Case is an adaptation of
use case In software and systems engineering, the phrase use case is a polyseme with two senses: # A usage scenario for a piece of software; often used in the plural to suggest situations where a piece of software may be useful. # A potential scenario ...
. The term was introduced by John McDermott and Chris Fox in 1999, while working at Computer Science Department of the James Madison University. As defined by its authors, an abuse case is a ''type of complete interaction between a system and one or more actors, where the results of the interaction are harmful to the system, one of the actors, or one of the stakeholders in the system. We cannot define completeness just in terms of coherent transactions between actors and the system. Instead, we must define abuse in terms of interactions that result in actual harm. A complete abuse case defines an interaction between an actor and the system that results in harm to a resource associated with one of the actors, one of the stakeholders, or the system itself.'' Their notation appears to be similar to
Misuse case Misuse case is a business process modeling tool used in the software development industry. The term ''Misuse Case'' or ''mis-use case'' is derived from and is the inverse of use case.Sindre and Opdahl (2001).Capturing Security Requirements throug ...
s, but there are differences reported by Chun Wei in Misuse Cases and Abuse Cases in Eliciting Security Requirements.Chun Wei (Johnny), Sia, Misuse Cases and Abuse Cases in Eliciting Security Requirements, http://www.cs.auckland.ac.nz/compsci725s2c/archive/termpapers/csia.pdf


Overview

Use case In software and systems engineering, the phrase use case is a polyseme with two senses: # A usage scenario for a piece of software; often used in the plural to suggest situations where a piece of software may be useful. # A potential scenario ...
s specify required behaviour of software and other products under development, and are essentially structured stories or scenarios detailing the normal behavior and usage of the software. Abuse cases extend the
UML The Unified Modeling Language (UML) is a general-purpose, developmental modeling language in the field of software engineering that is intended to provide a standard way to visualize the design of a system. The creation of UML was originally m ...
notation to model abuse in those systems.


Area of use

Abuse cases are most commonly used in the field of security requirements elicitation.


Basic concepts

An abuse case diagram is created together with a corresponding use case diagram, but not in the same diagram (different from
Misuse case Misuse case is a business process modeling tool used in the software development industry. The term ''Misuse Case'' or ''mis-use case'' is derived from and is the inverse of use case.Sindre and Opdahl (2001).Capturing Security Requirements throug ...
). There is no new terminology or special symbols introduced for abuse case diagrams. They are drawn with the same symbols as a use case diagram. To distinguish between the two, the use case diagram and abuse case diagrams are kept separate, and related. Hence abuse cases do not appear in the use case diagrams and vice versa.


See also

*
Use case diagram A use case diagram is a graphical depiction of a user's possible interactions with a system. A use case diagram shows various use cases and different types of users the system has and will often be accompanied by other types of diagrams as well. Th ...
*
Misuse case Misuse case is a business process modeling tool used in the software development industry. The term ''Misuse Case'' or ''mis-use case'' is derived from and is the inverse of use case.Sindre and Opdahl (2001).Capturing Security Requirements throug ...
*
Threat model Threat modeling is a process by which potential threats, such as structural vulnerabilities or the absence of appropriate safeguards, can be identified and enumerated, and countermeasures prioritized. The purpose of threat modeling is to provide de ...
(software)


References

{{reflist Software project management