A comparison of misuse case models and bow-tie diagrams
| Misuse case models | Bow-tie diagrams |
|---|---|
| Defined by a simple-to-understand graphical notation with an open-ended method, allowing the modeller a lot of creativity (shared by both notations) | Same as misuse case models: simple graphical notation, open-ended method |
| Originate from computer security and requirements engineering, based on UML use case diagrams | Originate from the safety and reliability domain, related to fault analysis |
| Developed to identify malicious actions (misuse) for a given system | Developed to investigate accident scenarios and define barriers |
| The misuse activity element represents an unwanted event (something that threatens regular activities) | The top event element represents an unwanted event |
| Broad scope: suitable for describing many different misuse activities in a single model | Narrow scope: focus on a single unwanted top event per diagram |
| Show actors (attackers, misusers, threat agents) related to misuse activities | Do not represent actors, but show in which risky environment (hazard) the top event can occur |
| Mitigations are modelled as security activities | Mitigations are modelled as barriers, which are clearly defined as either preventive or reactive |
| Can depict vulnerable activities that can be exploited | Represent the various threats/causes that can lead to the top event |
| Consequences are not part of the model | Explicitly depict possible consequences following the top event |
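The differences in the table can be made concrete by representing both notations as data and mapping one onto the other. The following is an added example, not code from the paper: a minimal misuse case model of a constructed web-application scenario is split into one bow-tie per misuse activity (broad to narrow scope), actors are dropped, vulnerable activities become threats, security activities become barriers classified as preventive or reactive by a caller-supplied mapping (the misuse case model does not carry that distinction), and the consequence side stays empty because misuse case models do not record consequences. All names in the scenario and the `barrier_kind` mapping are assumptions for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class MisuseCaseModel:
    """Misuse case model: actors, the misuse activities they perform, the vulnerable
    activities those exploit, and the security activities that mitigate them."""
    actors: dict[str, list[str]]       # actor -> misuse activities it performs
    threatens: dict[str, list[str]]    # misuse activity -> vulnerable activities it exploits
    mitigates: dict[str, list[str]]    # security activity -> misuse activities it mitigates


@dataclass
class BowTie:
    """Bow-tie: one top event in a hazard, threats and preventive barriers on the left,
    consequences and reactive barriers on the right."""
    top_event: str
    hazard: str
    threats: list[str] = field(default_factory=list)
    preventive_barriers: list[str] = field(default_factory=list)
    consequences: list[str] = field(default_factory=list)   # nothing to fill from a misuse case model
    reactive_barriers: list[str] = field(default_factory=list)


def misuse_to_bowties(model: MisuseCaseModel, hazard: str,
                      barrier_kind: dict[str, str]) -> list[BowTie]:
    """Produce one bow-tie per misuse activity; barrier_kind maps a security activity
    to "preventive" or "reactive" (default preventive, since the source model is silent)."""
    misuse_activities = sorted({m for acts in model.actors.values() for m in acts})
    bowties = []
    for misuse in misuse_activities:
        bt = BowTie(top_event=misuse, hazard=hazard,
                    threats=list(model.threatens.get(misuse, [])))
        for security_activity, targets in model.mitigates.items():
            if misuse in targets:
                if barrier_kind.get(security_activity, "preventive") == "reactive":
                    bt.reactive_barriers.append(security_activity)
                else:
                    bt.preventive_barriers.append(security_activity)
        bowties.append(bt)
    return bowties


# Constructed scenario (hypothetical names, not from the paper).
EXAMPLE_MODEL = MisuseCaseModel(
    actors={"external attacker": ["steal session token", "brute-force login"]},
    threatens={"steal session token": ["log in", "view account"], "brute-force login": ["log in"]},
    mitigates={"set HttpOnly/Secure cookie flags": ["steal session token"],
               "rate-limit login attempts": ["brute-force login"],
               "invalidate sessions on anomaly": ["steal session token"]},
)
BARRIER_KIND = {"invalidate sessions on anomaly": "reactive"}   # assumed classification
```

Running `misuse_to_bowties(EXAMPLE_MODEL, "internet-facing web application", BARRIER_KIND)` yields two bow-ties whose consequence lists are empty, which is exactly the information a modeller must add by hand when moving from the first notation to the second.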