Make a list of at least 5 adversary types who could gain from hacking into OpenEMR.
Develop a use case diagram for OpenEMR (include at least three user roles, your choice).
Add misuse and abuse cases to the use case diagram you created in the previous step. The misuse and abuse cases would interact with the use cases. Be creative and as complete as possible considering the various types of malicious actors (a.k.a. adversary) that would like to abuse the chosen module and what they would want to do as well as benevolent users that make mistakes that could result in a security breach.
For one of the abuse and/or misuse cases in your diagram, write a detailed abuse case description using the template in the class slides.
Diagram reminders:
Every use case, misuse case, and abuse case should start with a verb (e.g. edit patient records).
Every use case, misuse case, and abuse case that comes directly from a good or malicious actor should be something they want (a goal) and not the technique they want to use. Some examples that are NOT abuse case "SQL injection" "Buffer overflow" -- these are HOW the malicious actor may want to achieve his/her goal but is not the goal itself.
You can abstract common functionality into a use case using the <<includes>> stereotype -- but that would mean this use case would have more than one arrow coming into it and/or coming out of it. If only one arrow goes in or comes out, then you need to ask yourself if you are drawing a flowchart and not a use/abuse/misuse case diagram.
You may treat the unfilled fields (e.g. 'extension points') in the example as optional.