Use case diagrams have proven quite helpful in requirements engineering, both for eliciting requirements and getting a better overview of requirements already stated However, not all kinds of requirements are equally well supported by use case diagrams. They are good for Junctional requirements, but poorer at e.g., security requirements; which often concentrate on what should not happen in the system. With the advent of e- and m-commerce applications security requirements are growing in importance, also for quite simple applications where a short lead time is important. Thus, it would be interesting to look into the possibility for applying use cases on this arena This paper suggests how this can be done, extending the diagrams with misuse cases. This new construct makes it possible to represent actions that the system should prevent together with those actions which if should support.
