Misuse and Abuse Cases: Getting Past the Positive
نویسندگان
چکیده
trend, most systems for designing software also tend to describe positive features. Savvy software practitioners are beginning to think beyond features, touching on emergent properties of software systems such as reliability, security , and performance. This is mostly because experienced customers are beginning to demand secure and reliable software; but in many situations, it's still up to the software developer to define " secure " and " reliable. " To create secure and reliable software , we first must anticipate abnormal behavior. We don't normally describe non-normative behavior in use cases, nor do we describe it with UML, but we must have some way to talk about and prepare for it. " Misuse " (or " abuse ") cases can help organizations begin to see their software in the same light that attackers do. By thinking beyond normative features, while simultaneously contemplating negative or unexpected events, software security professionals can better understand how to create secure and reliable software. Guttorm Sindre and Andreas Opdahl extend use-case diagrams with misuse cases to represent the actions that systems should prevent in tandem with those that they should support for security and privacy requirement analysis. 1 Ian Alexander advocates using misuse and use cases together to conduct threat and hazard analysis during requirements analysis. 2 In this article, we provide a non-academic introduction to the software security best practice of misuse and abuse cases, showing you how to put the basic science to work. In case you're keeping track, Figure 1 shows you where we are in our series of articles about software security's place in the software development life cycle. Security is not a set of features There is no convenient security pull-down menu that will let you select " security " and then sit back and watch magic things happen. Unfortunately , many software developers simply link functional security features and mechanisms somewhere into their software, mistakenly assuming that doing so addresses security needs throughout the system. Too often, product literature makes broad, feature-based claims about security, such as " built with SSL " or " 128-bit encryption included, " which represent the vendor's entire approach for securing its product. Security is an emergent property of a system, not a feature. This is like how " being dry " is an emergent property of being inside a tent in the rain. The tent only keeps you dry if the poles are …
منابع مشابه
Medical misuse of controlled medications among adolescents.
OBJECTIVES To determine the past-year medical misuse prevalence for 4 controlled medication classes (pain, stimulant, sleeping, and antianxiety) among adolescents, and to assess substance use outcomes among adolescents who report medical misuse. DESIGN A Web-based survey was self-administered by 2744 secondary school students in 2009-2010. SETTING Two southeastern Michigan school districts....
متن کاملThe pattern of Injuries in Physical Child Abuse Referred to the Forensic Centers of Mazandaran Province in Two Years
Aims: Child abuse has various consequences. The present study investigate the cases of child abuse referred to the forensic centers of Mazandaran province and evaluate the challenges for recording a case of child abuse in the forensic files Methods: The present cross-sectional retrospective study included all of the referred cases of child abuse to the forensics centers of Mazandaran province i...
متن کاملMisuse Cases and Abuse Cases in Eliciting Security Requirements
Misuse cases, the inverted version of a use case can be used to elicit security requirements. Abuse cases also are used in eliciting security requirements. Their notation appears to be similar. This paper presents a brief comparison between misuse cases and abuse cases. It is observed that misuse cases are able to model a wider range of mis-users and they also interact with use cases in interes...
متن کاملSecuring Positive Train Control Systems
Positive train control (PTC) systems are distributed interoperable systems that control the movement of passenger and freight trains, providing significant safety enhancements over traditional methods of operating railroads. Due to their reliance on wireless communications, PTC systems are vulnerable to attacks that can compromise safety and potentially cause serious accidents. Designing PTC sy...
متن کاملراهکارهای مقابله با گرایش به مصرف موادمخدر
Addiction is a global problem that is facing most of the countries throughout the world. The billions of dollars are the cost of drug addiction, in addition to health care costs and lack of human-resource productivity. Therapeutic actions in many cases do not lead to positive results. Therefore, the importance of preventative efforts and coping with the tendency to misuse substance is clearly u...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IEEE Security & Privacy
دوره 2 شماره
صفحات -
تاریخ انتشار 2004