What is a Mitigation Use Case and how does it relate to Misuse Cases?
A Mitigation Use Case is the defence you add to neutralise a Misuse Case — drawn as a use case with a "mitigates" arrow pointing at the MUC it cancels.
It closes the loop: the MUC says how you can be attacked, the Mitigation Case says what you do about it. Crucially, one mitigation can answer several MUCs at once — which is why modelling it as its own visible use case (rather than burying it in prose) pays off:
Example — Input Validation as mitigation:
[Input Validation] ---mitigates---> [Injection Attack]
[Input Validation] ---mitigates---> [Overflow Attack]
Implementation options:
- Describe mitigation as part of the misuse case description
- Create a separate mitigation use case (better - more visible)
Visual: Mitigation cases are typically shown with a special border (e.g., red outline) to distinguish them from regular use cases.
Key point: One mitigation can address multiple misuse cases (e.g., input validation mitigates both injection and overflow attacks).