I’ve been using the Chrome browser, mainly because I got tired of browser bloat in IE and Mozilla. When I installed Chrome, it asked me if I wanted to import my bookmarks from IE and I bravely said no – time for a fresh start. My bookmark file dates back to about 1994 and the first Mosaic browser. I kept importing it over to new versions of Netscape, then to IE after Microsoft and AOL killed Netscape, and then to Firefox when Mozilla brought that out. My bookmark file was a bloated mess with oddly named folders and scads of dead links.
With time to kill on a flight home from Las Vegas last night (I call it the “pink-eye” – leave at 5pm, land at 1am) I decided to look through the various spots on my laptop (Southwest doesn’t have movies) where I store links, to see if they might be candidates for my shiny new Chrome bookmark file. I came across one of the best papers on safe software design principles: “Capturing Security Requirements Through Misuse Cases” by Norwegian professors Sindre and Opdahl in 2001.
In a discussion on a previous post, I brought up how important “interlocks” are – mechanisms to prevent users from hurting themselves (or others), like the need to put your foot on the brake pedal before shifting a car from park to drive. That is a misuse-case-driven feature – people would drive through convenience store windows as they looked backwards over their shoulder and shifted into the wrong gear. The original PRNDL developers never thought anyone would mistakenly go all the way to D when they were looking over their shoulders trying to shift to R.
Many creative developers and business people are really good at “use” cases – great features to delight users. It takes a different mentality to think through misuse cases – this is why every protocol ever written is almost instantly misused by the bad guys and then later by other good guys who think up new ways to misuse the original technology. See http.
Misuse cases are really important to safety, which I think is very different from security. There is lots of overlap, and misuse cases can be seen as a subset of overall threat modelling, but there is a reason why the Consumer Product Safety Commission is not under the Department of Defense.
Searching around to see what those guys may have put out since 2001, I came across a pretty good paper by the year-old SAFECode consortium. Nothing earth-shattering or really new, but a good spot to find links to all the important areas around how to develop secure, and hopefully safe, software. Joseph Feiman has a number of good Gartner research notes and presentations around secure development practices and futures, as well.

John Pescatore



































































































