Quiz Entry - updated: 2026.07.14
How does a Misuse Case relate to a regular Use Case in a diagram?
A dashed arrow labelled "threatens" runs FROM the Misuse Case TO the use case it endangers — the attacker drives the MUC, the MUC threatens the UC.
The arrow always points from the dark (attack) oval into the white (legitimate) one it puts at risk:
User -----> [Use Case] <----threatens---- [Misuse Case] <----- Attacker
(white) (black)
The three relationships, all pointing from the MUC outward:
| Relationship | From | To | Meaning |
|---|---|---|---|
| threatens | Misuse Case | Use Case | The MUC endangers this UC (puts its security at risk) |
| exploits | Misuse Case | Use Case | The MUC abuses this specific UC as its way in |
| mitigates | Mitigation Case | Misuse Case | A control that cancels the MUC |
threatens vs exploits — the subtle bit: an attack often exploits the UC that is its entry point but threatens a different UC that suffers the damage. In a login attack, an injection exploits "Enter username" (where the bad input goes in) yet threatens "Use system" (the protected functionality it ultimately compromises).