Refining Use/Misuse/Mitigation Use Cases for Security Requirements


We investigate security at the same time as the functional requirements by refining and integrating use, misuse, and mitigation use cases. Security requirements rely on the interactions among normal system execution (use cases), attacks (misuse cases), and necessary security strategies (mitigation use cases), but previous approaches only use a high-level of abstraction. We use refinement to uncover details of each case and the relationships among them before integrating them. We identify and model “includes” and “extends” relationships within each refined case type, and use a condition-driven process that maintains these relationships as refinement continues. We then systematically identify and model “threatens” and “mitigates” relationships to integrate the cases at a detailed level.

Share and Cite:

Pauli, J. (2014) Refining Use/Misuse/Mitigation Use Cases for Security Requirements. Journal of Software Engineering and Applications, 7, 626-638. doi: 10.4236/jsea.2014.78058.

Conflicts of Interest

The authors declare no conflicts of interest.


[1] Devanbu, P. and Stubblebine, S. (2000) Software Engineering for Security: A Roadmap. Proceedings of the Conference on The Future of Software Engineering, 227-239.
[2] Ghosh, A., Howell, C. and Whittaker, J. (2002) Building Software Securely from the Ground Up. IEEE Software, 19, 14-16.
[3] McGraw, G. (2004) Software Security. IEEE Security & Privacy, 1, 32-35.
[4] Anton, A. and Potts, C. (1998) The Use of Goals to Surface Requirements for Evolving Systems. Proceedings of the 20th International Conference on Software Engineering, Kyoto, 19-25 April 1998, 157-166.
[5] Alexander, I. (2002) Initial Industrial Experience of Misuse Cases in Tradeoff Analysis. Proceedings of the 10th Anniversary IEEE Joint International Conference on Requirements Engineering, Essen, 9-13 September 2002, 61-68.
[6] Alexander, I. (2003) Misuse Cases Help to Elicit Non-Functional Requirements. Computing & Control Engineering Journal, 14, 40-45.
[7] Alexander, I. (2003) Misuse Cases: Use Cases with Hostile Intent. IEEE Software, 20, 58-66.
[8] Alexander, I. (2002) Modelling the Interplay of Conflicting Goals with Use and Misuse Cases. Proceedings of 8th International Workshop on Requirements Engineering: Foundation for Software Quality (REFSQ’02), Essen, 9-10 September 2002, 145-152.
[9] Korson, T. (1998) The Misuse of Use Cases (Managing Requirements).
[10] Pauli, J. and Xu, D. (2005) Misuse Case-Based Design and Analysis of Secure Software Architecture. Proceedings of the International Conference on Information Technology Coding and Computing (ITCC’05), Las Vegas, 4-6 April 2005, 398-403.
[11] Tohidi, M. (2003) Task Modeling. Directed Studies Research Honors Project. Carleton University, Ottawa.
[12] Smith, J. (1999) The Estimation of Effort Based on Use Cases. Rational Software White Paper.
[13] Sindre, G. and Opdahl, A. (2001) Capturing Security Requirements through Misuse Cases. Proceedings of the 14th Norsk Information Conference (NIK2001), Tromso, 26-28 November 2001, 212-221.
[14] Srivatanakul, T., Clark, J. and Polack, F. (2004) Writing Effective Security Abuse Cases. Technical Report YCS-2004-375. University of York, York.
[15] Constantine, L. and Lockwood, L. (2001) Structure and Style in Use Cases for User Interface Design. Object-Modeling and User Interface Design. Addison-Wesley, Boston.
[16] Neumann, P. (2004) Principle Assuredly Trustworthy Composable Architectures. CDRL A001 Final Report—DARPA.
[17] Allenby, K. and Kelly, T. (2001) Deriving Requirements Using Scenarios. Proceedings of the 5th IEEE International Symposium on Requirements Engineering (RE’01), Toronto, 27-31 August 2001, 228-235.
[18] Brown, D. and Densmore, J. (2005) The New, Improved RUP SE Architecture Framework. IBM Rational, 1, 1-36.
[19] Bittner, K. and Spence, I. (2003) Use Case Modeling. Addison-Wesley, Boston.
[20] Pauli, J. and Xu, D. (2005) Threat-Driven Architectural Design of Secure Information Systems. Proceedings of the 7th International Conference on Enterprise Information Systems (ICEIS’05), Miami, 24-28 May 2005, 136-143.
[21] Pauli, J. and Xu, D. (2006) Threat-Driven Design and Analysis of Secure Software Architectures. Journal of Information Assurance (JIAS), 1, 171-180.
[22] Pauli, J. and Xu, D. (2006) Ensuring Consistent Use/Misuse Case Refinement for Secure Systems. Proceedings of the 18th International Conference on Software Engineering and Knowledge Engineering (SEKE 2006), San Francisco, 5-7 July 2006, 392-397.
[23] Pauli, J. and Xu, D. (2006) Integrating Functional and Security Requirements with Use Case Refinement. Proceedings of the 11th International Conference on Engineering of Complex Computer Systems (ICECCS 2006), Stanford.
[24] Pfleeger, S. (2001) Software Engineering: Theory and Practice. 2nd Edition, Pearson Education, London.
[25] Eriksson, H., Penker, M., Lyons, B. and Fado, D. (2004) UML 2 Toolkit. Wiley, Indianapolis.

Copyright © 2023 by authors and Scientific Research Publishing Inc.

Creative Commons License

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.