Lillian Røstad, An extended misuse case notation: Including vulnerabilities and the insider threat, The Twelfth Working Conference on Requirements Engineering:
Foundation for Software Quality (REFSQ'06) 2006.
Summary:
Rostad suggests extending misuse case notation for modeling vulnerabilities as weaknesses in the system and insider attackers. The extended notation introduces a new type of actor called insider that has the capabilities and permissions of an authorized actor who misuses the given permissions. The concept of vulnerability is defined as a weakness that may be exploited by the misuse. In the extended modeling notation the concept of vulnerability is expressed a type of use case, with an exploit relationship from the threat to the vulnerability.
In the example cases presented in [], “enter password” or “enter username” use cases are highlighted as the vulnerability that the injection attack or overflow attach can exploit.
Why it is good:
The author asserts that the threat toward a system may only be realized in an attack if the system contains vulnerabilities that can be exploited, and it is important to consider the vulnerabilities to identify all possible threats and attacks.
Problems and limitations:
However, the author does not distinguish between the concept to of attack and threat.
In addition, it is not justified why and how vulnerability, as a weakness in the system that can be exploited, can be modeled as a use case. The examples of vulnerabilities in [] are ordinary use cases of a system, that bring a vulnerability to the system. In sum, the semantics of the proposed modeling element as vulnerability is not compatible with the definition and concept of vulnerability as a weakness. For example, buffer overflow or password loss are example of vulnerabilities, while in the examples provided in [] vulnerable use cases were modeled instead of weaknesses.