The Role of Sequence Diagrams in Use/Misuse Case Decomposition for Secure Systems

J.J. Pauli (USA)


Security requirements, decomposition, consistency, use/misuse cases, sequence diagrams.


Misuse case modeling is a viable option to depict the security requirements together with functional requirements. We use decomposition to investigate the interplay between functional and security requirements, thus creating a complete set of security-centric requirements. Part of the initial decomposition is to identify relationships (“includes” and “extends”) among decomposed cases for each case type (use, misuse, mitigation use). Decomposition is conducted for each case type independently and then integrated with the “threatens” and “mitigates” relationships where misuse cases “threaten” use cases and mitigation use cases “mitigate” misuse cases. We use sequence diagrams as an additional tool to show the behaviors of normal usage (use cases), potential threats (misuse cases), and necessary security measures (mitigation use cases). These diagrams are especially useful because the order of execution for each case type can have a direct impact on the security of the system. We create a sequence diagram for each case type to aid in the comprehension. As part of this creation, we developed a process for identifying the elements of each diagram and how to ensure that the elements and messages in the sequence diagram are consistent with what was first documented in the textual description of each case.

Important Links:

Go Back