Improving Quality in Misuse Case Models: A Risk-Based Approach

Security is a crucial requirement for many software systems. Misuse case modeling is a technique that allows system designers to inject security considerations within their designs early in the development cycle. This is potentially a much more effective approach to ensuring security than patching an end system with security mechanisms after it was developed. While the notation and syntactical rules of misuse case models are relatively simple, developing high quality misuse case models is not a straightforward task. Modeling practitioners are highly vulnerable to modeling mistakes, creating defective misuse case models that can lead to the development of insecure systems. In this paper, an approach based on antipatterns that attempts to repair defective misuse case models is presented. The misuse case model of an Online Phone Accessories Store subsystem is presented to demonstrate the feasibility of the approach. The results show that applying the technique has improved the overall quality of the misuse case model.