Sins of the Father: Avoiding Design Mistakes via Abuse Cases

摘要

Stories of how real systems suffered from design defects aim to create a percipient link in the mind of developers and software engineers with respect to their projects. The software engineer may focus on standard use cases for a system, but a robust approach demands "abuse cases" to accompany the system description. Real-world examples of how abuse cases can prevent exploitation by hackers of various skill levels suggest mitigations and best-practices across the development lifecycle. Four key concepts lead to the creation of meaningful abuse cases. Through the lessons of the past, those involved with the software engineering process shall derive the experience to architect and implement secure systems. The goal of reduced costs and increased robustness helps avoid the unpredictable layer of defensive costs that accompany a system beyond its developmental costs. This paper describes abuse cases and provides a business case for their use followed with case studies applied to real-world systems.