GU GCIS 504 - Misuse and Abuse Cases: Getting Past the Positive (3 pages)

Pages: 3
School: Gannon University
Course: GCIS 504 - Requirements Engineering

Text preview:

Building Security In
Editor: Gary McGraw, gem@cigital.com

Misuse and Abuse Cases: Getting Past the Positive

Paco Hope and Gary McGraw, Cigital
Annie I. Antón, North Carolina State University

Published by the IEEE Computer Society

Software development is all about making software do something: when software vendors sell their products, they talk about what the products do to make customers' lives easier, such as encapsulating business processes or something similarly positive. Following this trend, most systems for designing software also tend to describe positive features.

Savvy software practitioners are beginning to think beyond features, touching on emergent properties of software systems such as reliability, security, and performance. This is mostly because experienced customers are beginning to demand secure and reliable software, but in many situations, it's still up to the software developer to define "secure" and "reliable."

To create secure and reliable software, we first must anticipate abnormal behavior. We don't normally describe non-normative behavior in use cases, nor do we describe it with UML, but we must have some way to talk about and prepare for it. Misuse (or abuse) cases can help organizations begin to see their software in the same light that attackers do. By thinking beyond normative features while simultaneously contemplating negative or unexpected events, software security professionals can better understand how to create secure and reliable software.

Guttorm Sindre and Andreas Opdahl extend use-case diagrams with misuse cases to represent the actions that systems should prevent in tandem with those that they should support for security and privacy requirement analysis [1]. Ian Alexander advocates using misuse and use cases together to conduct threat and hazard analysis during requirements analysis [2]. In this article, we provide a nonacademic introduction to the software security best practice of misuse and abuse cases, showing you how to put the basic science to work. In


