Article Preview
Top1. Introduction
Nowadays security is indispensable quality attribute for many systems. There is a constant threat of a multitude of attacks that can risk the integrity of a system. Systems must be able to perform and deliver their business values securely even when attacked otherwise they will be deemed untrustworthy. Conventional software engineering processes focuses on the development of system functionality that realizes business needs while security being considered after functionality development is completed; an afterthought. Systems are then patched with defensive mechanisms such as cryptographic components, IDS (Intrusion Detection System) and firewalls. Such approaches to security are insufficient and likely lead to costly reworks (Jürjens, 2004). Instead, software systems should be development using a secure software engineering process. Secure software engineering states that security concerns should be taken into account as early as possible in the development life cycle (Dubois & Wu, 1996; Mead, 2007).
Use case modeling is a very popular requirements engineering technique for eliciting, specifying and communicating functional requirements of a system (OMG, 2003). Use case modeling has a relatively simple syntax which enables non-technical stakeholders to comprehend and provide vital feedback. Another key reason for the success and popularity of use case modeling is its scenario-based approach to specifying requirements. Scenario-based specifications are widely accepted in requirements engineering as it offers a natural way to describe the behavior of systems, which in many cases occur as usage examples. It has been shown through an industrial survey that scenarios are an effective technique to determine and validate requirements (Weidenhaupt et al., 1998). Several research works have devised approaches to secure software development by leveraging the popularity of use case modeling, most notably misuse cases (Sindre & Opdahl, 2005) and abuse cases (McDermott & Fox, 1999). Misuse and abuse cases were both introduced as extensions to use case modeling. The behavioral machination and notation of misuse and abuse cases are similar to use cases, however they are semantically the inverse of use cases. Although misuse and abuse cases are ostensibly equivalent, there are distinct contrasts between them which have been outlined in great detail in Chun Wei (2005). In Chun Wei (2005), differences between misuse and abuse case modeling with respect to concept and intent; content and level of detail; notation; and how they are developed, have been presented. The contrasts between misuse and abuse cases lead to the conclusion that they are both useful use case-based tools for functional security modeling of which neither can substitute for the other. In fact, the Unified Use-Misuse Case Model (UUMCM) has been proposed by Arogundade et al. (2011) to satisfy the need to include both misuse and abuse cases within the same model. The UUMCM will be the focal model of this paper as we consider it to be the most advanced use case-based security modeling technique to date. A use case model consists of a diagram depicting use cases, actors and relationships between them, and it consists of textual descriptions explaining the use cases and actors. Similarly, the UUMCM consists of a diagram containing use, misuse and abuse cases, actors, misusers and abusers, and relationships between them. The UUMCM also consists of textual descriptions explaining the use, misuse and abuse cases, and actors, misusers and abusers.