Executable misuse cases for modeling security concerns

Jon Whittle, Duminda Wijesekera, Mark Hartong

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

49 Citations (Scopus)


Misuse cases are a way of modeling negative requirements, that is, behaviors that should not occur in a system. In particular, they can be used to model attacks on a system as well as the security mechanisms needed to avoid them. However, like use cases, misuse cases describe requirements in a high-level and informal manner. This means that, whilst they are easy to understand, they do not lend themselves to testing or analysis. In this paper, we present an executable misuse case modeling language which allows modelers to specify misuse case scenarios in a formal yet intuitive way and to execute the misuse case model in tandem with a corresponding use case model. Misuse scenarios are given in executable form and mitigations are captured using aspect-oriented modeling. The technique is useful for brainstorming potential attacks and their mitigations. Furthermore, the use of aspects allows mitigations to be maintained separately from the core system model. The paper, supported by a UML-based modeling tool, describes an application to two case studies, providing evidence that the technique can support red-teaming of security requirements for realistic systems.

Original languageEnglish
Title of host publicationICSE'08
Subtitle of host publicationProceedings of the 30th International Conference on Software Engineering 2008
Number of pages10
Publication statusPublished - 15 Dec 2008
Externally publishedYes
EventInternational Conference on Software Engineering 2008 - Leipzig, Germany
Duration: 10 May 200818 May 2008
Conference number: 30th
https://ieeexplore.ieee.org/xpl/conhome/4814109/proceeding (Proceedings)

Publication series

NameProceedings - International Conference on Software Engineering
ISSN (Print)0270-5257


ConferenceInternational Conference on Software Engineering 2008
Abbreviated titleICSE 2008
Internet address


  • Early aspects
  • Misuse cases
  • Scenarios

Cite this