Abuse Cases: Break the Positives

Software professionals with strong technical knowledge often fail to deliver secure solutions because their knowledge of security is limited. Abuse cases give them a structured way to capture and analyze security requirements instead.

An abuse case is defined as a complete interaction between a system and one or more actors in which the result is harmful to the system, to the actors, or to the stakeholders in the system. For example, John is an administrative officer of a company where Paul and Sam are employees. As an administrator, John can view employee details such as project name and years of experience. Paul's sensitive personal information, such as his salary account details, should be protected. If another employee such as Sam is able to view Paul's account details, that is an abuse case.

Building abuse cases is a way to get into the mind of the attacker. Their purpose is to elicit security requirements: the designer gains a clear picture of the appropriate and inappropriate behavior of the system. The attacker's goal in an abuse case is to cause errors, damage data, or undermine the stability of the system, so abuse cases describe the system's behavior under attack. They generally describe the functions the system must not allow and cover what should be protected and from whom.
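The following is an added example, not code from the original article, that turns the Sam/Paul scenario above into an explicit security requirement and a test. It models the three actors, a naive "view employee" function that hands the whole record to any logged-in user, and a hardened version that enforces the requirement derived from the abuse case. The directory contents, the roles, the "owner sees everything, admin sees only public fields, everyone else is denied" policy, and the second abuse case (the administrator must not see the salary account either) are assumptions made for illustration. Running the abuse cases against the naive version shows the leak; running them against the hardened version shows the requirement is met while the ordinary ("positive") use cases still work.

```python
from dataclasses import dataclass, asdict


@dataclass(frozen=True)
class Employee:
    name: str
    role: str               # assumed roles: "admin" or "employee"
    project: str
    years_experience: int
    salary_account: str     # sensitive: readable only by its owner (assumption)


# Constructed sample directory for the scenario in the text.
DIRECTORY = {
    "John": Employee("John", "admin", "Payroll", 12, "ACCT-1001"),
    "Paul": Employee("Paul", "employee", "Billing", 4, "ACCT-2002"),
    "Sam": Employee("Sam", "employee", "Billing", 2, "ACCT-3003"),
}

PUBLIC_FIELDS = {"name", "project", "years_experience"}


class AccessDenied(Exception):
    pass


def view_employee_naive(requester: str, target: str) -> dict:
    """The 'before': any known user receives the target's whole record."""
    if requester not in DIRECTORY or target not in DIRECTORY:
        raise AccessDenied("unknown actor")
    return asdict(DIRECTORY[target])


def view_employee(requester: str, target: str) -> dict:
    """The 'after': the policy elicited from the abuse case (assumed policy).

    Owner  -> full record
    Admin  -> public fields only
    Others -> denied
    """
    if requester not in DIRECTORY or target not in DIRECTORY:
        raise AccessDenied("unknown actor")
    record = asdict(DIRECTORY[target])
    if requester == target:
        return record
    if DIRECTORY[requester].role == "admin":
        return {k: v for k, v in record.items() if k in PUBLIC_FIELDS}
    raise AccessDenied(f"{requester} may not view {target}")


# Abuse cases as data: (actor, target, field the actor must NOT obtain).
ABUSE_CASES = [
    ("Sam", "Paul", "salary_account"),   # the case described in the text
    ("John", "Paul", "salary_account"),  # assumption: admins are not owners
]

# Positive use cases that the hardened function must still satisfy.
USE_CASES = [
    ("Paul", "Paul", "salary_account"),  # owner reads own sensitive field
    ("John", "Paul", "project"),         # admin reads a public field
]


def leaks(view_fn, actor: str, target: str, field: str) -> bool:
    """True if view_fn hands `field` of `target` to `actor`."""
    try:
        return field in view_fn(actor, target)
    except AccessDenied:
        return False


def run_abuse_cases(view_fn) -> dict:
    """Map 'actor->target.field' to True when the abuse case is blocked."""
    return {f"{a}->{t}.{f}": not leaks(view_fn, a, t, f) for a, t, f in ABUSE_CASES}


def run_use_cases(view_fn) -> dict:
    """Map 'actor->target.field' to True when the legitimate access succeeds."""
    return {f"{a}->{t}.{f}": leaks(view_fn, a, t, f) for a, t, f in USE_CASES}


if __name__ == "__main__":
    for name, fn in (("naive", view_employee_naive), ("hardened", view_employee)):
        print(name, "abuse cases blocked:", run_abuse_cases(fn))
        print(name, "use cases allowed:  ", run_use_cases(fn))
```

Note that the naive version passes every positive use case, which is exactly why testing only the positives misses the problem; the abuse cases are what "break the positives" and expose the missing requirement.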

Security becomes more important as most of our personal and business data is computerized. By taking unexpected and hostile events into consideration, software security professionals can better address both the security and the reliability of the software they develop.

Authored by Swayambada Jena
