Skip to Main Content
Humans have analyzed negative scenarios ever since they first sat around Ice Age campfires debating the dangers of catching a woolly rhinoceros: "What if it turns and charges us before it falls into the pit?" A more recent scenario is "What if the hackers launch a denial-of-service attack?" Modern systems engineers can employ a misuse case, the negative form of a use case, to document and analyze such scenarios. A misuse case is simply a use case from the point of view of an actor hostile to the system under design. Misuse cases have many possible applications and interact with use cases in interesting and helpful ways. The paper discusses the elicitation of safety requirements from failure cases and considers the interplay of design, functional, and nonfunctional requirements.