  • Abuse cases (or misuse cases) are derived from the use cases of a software system
  • Abuse cases capture abnormal behavior of the system
  • They depict the actions taken by malicious users with the intent to intrude on, hack, or compromise the functioning of the software
  • They help stakeholders differentiate between appropriate and inappropriate use of the software system
  • Abuse cases lay the foundation for threat modeling in the design phase

Threatens Relationship

  • The “threaten” relationship is used to describe an abuse case scenario
  • It describes the way the attacker can abuse the system
  • It helps to portray the activity where an abuse case can threaten a use case with failure

An abuse case poses a threat to a use case.

Abuse Case Modeling Steps

  1. Conduct brainstorming sessions or whiteboard sessions with relevant stakeholders and security experts
    * Abuse cases should be considered while developing use cases for functional requirements
  2. Analyze the use cases generated to capture functional requirements
    * Start with high-level use cases
    * Continue to analyze use cases at a granular level
    * Understand the complete picture of what the system does
  3. Think from the adversary's perspective
    * How can the system be misused?
    * How can the system be disrupted?
  4. Identify the malicious actor
  5. Identify, specify, and define the abuse cases
  6. Build an abuse case for every use case
  7. Check for granularity of detail
  8. Check completeness and minimality
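
An added example (not part of the original notes) that turns steps 4, 6 and 8 into a review pass over an abuse case model: it reports abuse cases with no identified actor, "threaten" links to use cases that do not exist, use cases that no abuse case threatens, and likely duplicates. The data model, the finding names, the sample use cases and the duplicate rule used for "minimality" (same actor threatening the same use cases) are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AbuseCase:
    name: str
    actor: str        # malicious actor (step 4); empty means not yet identified
    threatens: tuple  # names of the use cases this abuse case threatens


def review_model(use_cases, abuse_cases):
    """Return sorted (finding, subject) tuples describing gaps in the model."""
    known = set(use_cases)
    covered = set()
    seen = {}  # (actor, threatened use cases) -> first abuse case with that pair
    findings = []
    for ac in abuse_cases:
        targets = set(ac.threatens)
        if not ac.actor.strip():
            findings.append(("no-actor", ac.name))
        if not targets:
            findings.append(("threatens-nothing", ac.name))
        # A "threaten" edge must point at a use case that is actually modeled.
        for uc in sorted(targets - known):
            findings.append(("unknown-use-case", f"{ac.name} -> {uc}"))
        covered |= targets & known
        # Assumed minimality heuristic: same actor, same threatened use cases.
        key = (ac.actor.strip().lower(), frozenset(targets))
        if key in seen:
            findings.append(("possible-duplicate", f"{seen[key]} / {ac.name}"))
        else:
            seen[key] = ac.name
    # Completeness (step 6): every use case needs at least one abuse case.
    for uc in sorted(known - covered):
        findings.append(("use-case-without-abuse-case", uc))
    return sorted(findings)


# Constructed sample model for a hypothetical online banking system.
USE_CASES = ["Log in", "Reset password", "Transfer funds", "View statement"]
ABUSE_CASES = [
    AbuseCase("Guess credentials", "External attacker", ("Log in",)),
    AbuseCase("Brute-force login", "external attacker", ("Log in",)),
    AbuseCase("Hijack reset link", "", ("Reset password",)),
    AbuseCase("Tamper with transfer amount", "Malicious customer",
              ("Transfer funds", "Approve transfer")),
]

if __name__ == "__main__":
    for kind, subject in review_model(USE_CASES, ABUSE_CASES):
        print(f"{kind}: {subject}")
```

A "possible-duplicate" finding is a prompt for the review session to merge or differentiate the two abuse cases, not proof that one is redundant.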

Abuse Cases: Advantages and Disadvantages

  • Advantages
    * It is easy for managers to learn and use abuse cases
    * Abuse cases contribute a lot during the requirements gathering phase
  • Disadvantages
    * Abuse cases can only be used with object-oriented software systems
    * Abuse case models do not specify any detail regarding the relation between use case and abuse case

Abuse Case Template