Comparing risk identification techniques for safety and security requirements

Journal of Systems and Software

Volumn 86, Issue 4, 2013, Pages 1124-1151

  Raspotnig, Christian ^a,b   Opdahl, Andreas ^a  

^a UNIVERSITY OF BERGEN   (Norway)

^b INSTITUTE FOR ENERGY TECHNOLOGY   (Norway)

Author keywords

Comparison; Requirement elicitation; Risk identification; Safety; Security; Technique

Indexed keywords

COMPARISON; REQUIREMENT ELICITATION; RISK IDENTIFICATION; SECURITY; TECHNIQUE;

ACCIDENT PREVENTION; REQUIREMENTS ENGINEERING;

SAFETY ENGINEERING;

EID: 84875249203     PISSN: 01641212     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.jss.2012.12.002     Document Type: Conference Paper

References (90)

1. Adler, R.; Domis, D.; Hfig, K.; Kemmann, S.; Kuhn, T.; Schwinn, J.P.; Trapp, M.; 2011. Integration of component fault trees into the UML. In: Dingel, J.; Solberg, A. (Eds.), Models in Software Engineering. Lecture Notes in Computer Science, vol. 6627. Springer, Berlin/Heidelberg, pp. 312-327.
2. K. Allenby, and T. Kelly Deriving safety requirements using scenarios Proceedings. Fifth IEEE International Symposium on Requirements Engineering 2001 228 235
3. E.G. Amoroso Fundamentals of Computer Security Technology 1994 Prentice-Hall, Inc. Upper Saddle River, NJ, USA
4. ARP4754, 1994. Certification considerations for highly-integrated or complex aircraft systems. SAE Systems Integration Requirements Task Group AS-IC.
5. S. Arthasartsri, and H. Ren Validation and verification methodologies in A380 aircraft reliability program 8th International Conference on Reliability, Maintainability and Safety, ICRMS 2009 2009 1356 1363
6. A. Avizienis, J.C. Laprie, B. Randell, and C. Landwehr Basic concepts and taxonomy of dependable and secure computing IEEE Trans Dependable Secur Comput 1 1 2004 11 33
7. B. Berenbach, D. Paulish, J. Kazmeier, and A. Rudorfer Software & systems requirements engineering Practice 1st ed. 2009 McGraw-Hill, Inc. New York, NY, USA
8. D. Black, M. Hull, and K. Jackson Systems engineering and safety - a framework Software, IET 5 1 2011 43 53
9. P. Bresciani, A. Perini, P. Giorgini, F. Giunchiglia, and J. Mylopoulos Tropos: an agent-oriented software development methodology Autonomous Agents and Multi-Agent Systems 8 2004 203 236 10.1023/B:AGNT.0000018806.20944.ef
10. O. Daramola, T. Stalhane, G. Sindre, and I. Omoronyia Enabling hazard identification from requirements and reuse-oriented HAZOP analysis Fourth International Workshop on Managing Requirements Knowledge (MARK) 2011 3 11
11. A. Dardenne, A. van Lamsweerde, and S. Fickas Goal-directed requirements acquisition Science of Computer Programming 20 1-2 1993 3 50
12. M. Deng, K. Wuyts, R. Scandariato, B. Preneel, and W. Joosen A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements Requirements Engineering 16 2011 3 32 doi:10.1007/s00766-010-0115- 7
13. J. Dunj, V. Fthenakis, J.A. Vlchez, and J. Arnaldos Hazard and operability (hazop) analysis a literature review Journal of Hazardous Materials 173 1-3 2010 19 32
14. M. El-Attar Towards developing consistent misuse case models Journal of Systems and Software 85 2 2012 323 339 Special issue with selected papers from the 23rd Brazilian Symposium on Software Engineering
15. C. Ericson Fault tree analysis - a history 17th International System Safety Conference 1999
16. C. Ericson Hazard Analysis Techniques for System Safety 2005 Wiley-Interscience
17. B. Fabian, S. Grses, M. Heisel, T. Santen, and H. Schmidt A comparison of security requirements engineering methods Requirements Engineering 15 2010 7 40
18. Firesmith, D.G.; 2003. Common Concepts Underlying Safety, Security, and Survivability Engineering. Technical Report CMU/SEI-2003-TN-033. Carnegie Mellon University, Software Engineering Institute.
19. Foster, N.L.; 2003. The application of software and safety engineering techniques to security protocol development. Ph.D. thesis. University of York.
20. I.N. Fovino, M. Masera, and A.D. Cian Integrating cyber attacks within fault trees Reliability Engineering and System Safety 94 9 2009 1394 1402 The 18th European Safety and Reliability Conference, ESREL 2007
21. Gould, J.; 2005. Review of hazard identification techniques. Technical Report. Health and Safety Laboratory.
22. J. Guiochet, D. Martin-Guillerez, and D. Powell Experience with model-based user-centered risk assessment for service robots Proceedings of the 2010 IEEE 12th International Symposium on High-Assurance Systems Engineering, HASE'10 IEEE Computer Society, Washington, DC, USA 2010 104 113
23. R. Hassan, S. Bohner, S. El-Kassas, and M. Hinchey Integrating formal analysis and design to preserve security properties 42nd Hawaii International Conference on System Sciences, HICSS '09 2009 1 10
24. M. Hillenbrand, M. Heinz, N. Adler, J. Matheis, and K. Muller-Glaser Failure mode and effect analysis based on electric and electronic architectures of vehicles to support the safety lifecycle ISO/DIS 26262 21st IEEE International Symposium on Rapid System Prototyping (RSP) 2010 1 7
25. IAEA-TEDOC-648, 1992. Procedures for conducting common cause failure analysis in probabilistic safety assessment. Technical Report IAEA-TECDOC-648. International Atomic Energy Agency.
26. Ibrahim, L.; Jarzombek, J.; Ashford, M.; Bate, R.; Croll, P.; Horn, M.; LaBruyere, L.; Wells, C.; 2004. Safety and Security Extensions for Integrated Capability Maturity Models. Technical Report. United States Federal Aviation Administration.
27. IEC 60812, 2006. Analysis techniques for system reliability - procedure for failure mode and effects analysis (FMEA). International Electrotechnical Commission, 2nd ed.
28. IEC 61025, 2006. Fault tree analysis (FTA). International Electrotechnical Commission, 2nd ed.
29. IEC 61508, 2008. Functional safety of electrical/electronic/programmable electronic safety-related systems. International Electrotechnical Commission, 2nd ed.
30. IEC 62502, 2010. Analysis techniques for dependability - event tree analysis (ETA). International Electrotechnical Commission, 1st ed.
31. ISO27002:2005, 2005. Information Technology-security techniques-code of practice for information security management.
32. ISO73:2009, 2009. Risk management-vocabulary.
33. M. Jackson Problem frames and software engineering Information and Software Technology 47 14 2005 903 912 Special Issue on Problem Frames
34. D. Johnson, M. Bidez, and L. DeLucas Hazard analysis and risk assessment in the development of biomedical drug formulation equipment Annals of Biomedical Engineering 40 2012 898 906 doi:10.1007/s10439-011-0451-x
35. B. Kaiser, V. Klaas, S. Schulz, C. Herbst, and P. Lascych Integrating system modelling with safety activities E. Schoitsch, Computer Safety, Reliability, and Security 2010 Springer Berlin/Heidelberg 452 465 volume 6351 of Lecture Notes in Computer Science
36. Kang, K.; Cohen, S.; Hess, J.; Novak, W.; Peterson, A.S.; 1990. Feature-oriented Domain Analysis (FODA) Feasibility Study. Technical Report; Software Engineering Institute, Carnegie Mellon University, defense Technical Information Center OAI-PMH Repository.
37. Karpati, P.; Sindre, G.; Opdahl, A.L.; 2010. Towards a Hacker Attack Representation Method. In: Proceedings of the 5th ICSOFT, INSTICC Press, pp. 92-101.
38. Kitchenham, B.; 2004. Procedures for Performing Systematic Reviews. Technical Report Joint Technical Report Keele University Technical Report TR/SE-0401 and NICTA Technical Report 0400011T.1. Software Engineering Group Department of Computer Science Keele University and Empirical Software Engineering National ICT Australia Ltd.
39. B. Kordy, S. Mauw, S. Radomirovic, and P. Schweitzer Foundations of attackdefense trees P. Degano, S. Etalle, J. Guttman, Formal Aspects of Security and Trust 2011 Springer Berlin/Heidelberg 80 95 volume 6561 of Lecture Notes in Computer Science
40. A. van Lamsweerde Elaborating security requirements by construction of intentional anti-models Proceedings of the 26th International Conference on Software Engineering IEEE Computer Society, ICSE '04, Washington, DC, USA 2004 148 157
41. A. van Lamsweerde, and E. Letier Handling obstacles in goal-oriented requirements engineering IEEE Transactions on Software Engineering 26 10 2000 978 1005
42. C. Lauer, R. German, and J. Pollmer Fault tree synthesis from UML models for reliability analysis at early design stages SIGSOFT Softw Eng Notes 36 1 2011 1 8
43. S. Lauesen, and M. Kuhail Task descriptions versus use cases Requirements Engineering 17 2012 3 18 10.1007/s00766-011-0140-1
44. G. Lei, and Z. Shuguang Safety requirements analysis for control law development of UAV flight control systems Procedia Engineering 17 0 2011 505 514 The 2nd International Symposium on Aircraft Airworthiness
45. E. Letier, and A. van Lamsweerde Deriving operational software specifications from system goals SIGSOFT Softw Eng Notes 27 6 2002 119 128
46. L. Lin, B. Nuseibeh, D. Ince, M. Jackson, and J. Moffett Introducing abuse frames for analysing security requirements Proceedings. 11th IEEE International Requirements Engineering Conference 2003 371 372
47. Lin, L.; Nuseibeh, B.A.; Ince, D.C.; Jackson, M.; Moffett, J.D.; 2003. Analysing Security Threats and Vulnerabilities Using Abuse Frames. Technical Report 2003/10. Department of Computing, Faculty of Mathematics and Computing, The Open University; Walton Hall, Milton Keynes, MK7 6AA, United Kingdom.
48. M.S. Lund, B. Solhaug, and K. Stølen Model-Driven Risk Analysis-The CORAS Approach 2011 Springer
49. R. Mader, E. Armengaud, A. Leitner, C. Kreiner, Q. Bourrouilh, G. Grienig, C. Steger, and R. Wei Computer-aided PHA, FTA and FMEA for automotive embedded systems F. Flammini, S. Bologna, V. Vittorini, Computer Safety, Reliability, and Security 2011 Springer Berlin/Heidelberg 113 127 volume 6894 of Lecture Notes in Computer Science
50. R. Mader, G. Griessnig, A. Leitner, C. Kreiner, Q. Bourrouilh, E. Armengaud, C. Steger, and R. Weiss A computer-aided approach to preliminary hazard analysis for automotive embedded systems 18th IEEE International Conference and Workshops on Engineering of Computer Based Systems (ECBS) 2011 169 178
51. N. Maiden, and S. Robertson Integrating creativity into requirements processes: experiences with an air traffic management system Proceedings. 13th IEEE International Conference on Requirements Engineering 2005 105 114
52. I. Morikawa, and Y. Yamaoka Threat tree templates to ease difficulties in threat modeling 14th International Conference on Network-Based Information Systems (NBiS) 2011 673 678
53. H. Mouratidis Secure software systems engineering: the secure tropos approach Journal of Software 6 2011 331 339
54. H. Mouratidis, and P. Giorgini Secure tropos: A security-oriented extension of the tropos methodology International Journal of Software Engineering and Knowledge Engineering 17 2 2007 285 309
55. H. Mouratidis, and P. Giorgini Enhancing secure tropos to effectively deal with security requirements in the development of multiagent systems M. Barley, H. Mouratidis, A. Unruh, D. Spears, P. Scerri, F. Massacci, Safety and Security in Multiagent Systems 2009 Springer Berlin/Heidelberg 8 26 volume 4324 of Lecture Notes in Computer Science
56. Myhrer P.T.; Stålhane T.;1; 2009. Student experiment using preliminary hazard analysis. empty.
57. B. Nuseibeh, and S. Easterbrook Requirements engineering: a roadmap Proceedings of the Conference on The Future of Software Engineering ACM, ICSE, New York, NY, USA 2000 35 46
58. H. Pardue, J. Landry, and A. Yasinsac A risk assessment model for voting systems using threat trees and monte carlo simulation First International Workshop on Requirements Engineering for e-Voting Systems (RE-VOTE) 2009 55 60
59. A. Pasquini, D. Eames, and J. Moffett The integration of safety and security requirements K. Kanoun, Computer Safety, Reliability and Security 1999 Springer Berlin/Heidelberg 685 Volume 1698 of Lecture Notes in Computer Science
60. L. Piètre-Cambacédès, and M. Bouissou Modeling safety and security interdepedencies with BDMP (Boolean logic Driven Markov Processes) Proceeding of the 2010 IEEE International Conference on Systems, Man, and Cybernetics (SMC 2010) Istanbul, Turkey 2010 2852 2861
61. Piètre-Cambacédès L.; Bouissou M. Cross-fertilization between safety and security engineering; 2012. Unpublished.
62. Piètre-Cambacédès L.; Chaudet C. The SEMA referential framework: avoiding ambiguities when dealing with security and safety issues. In: 4th Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection (CIP 2010). Washington, DC, USA Not included in the conference proceedings (selected for publication in IJCIP).
63. D.M. Rasmuson, and D.L. Kelly Common-cause failure analysis in event assessment Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability 222 4 2008 521 532
64. C. Raspotnig, P. Karpati, and V. Katta A combined process for elicitation and analysis of safety and security requirements I. Bider, T. Halpin, J. Krogstie, S. Nurcan, E. Proper, R. Schmidt, P. Soffer, S. Wrycza, W. Aalst, J. Mylopoulos, M. Rosemann, M.J. Shaw, C. Szyperski, W. Aalst, J. Mylopoulos, M. Rosemann, M.J. Shaw, C. Szyperski, Enterprise, Business-Process and Information Systems Modeling 2012 Springer Berlin/Heidelberg 347 361 Volume 113 of Lecture Notes in Business Information Processing
65. Raspotnig, C.; Katta, V.; Opdahl, A.L.; Stålhane, T 2012b. Towards Approaches for Analysis and Argumentation of Systems Safety and Security: Comparison of Techniques and Conceptual Model. Project report HWR-1002, revision 2; Halden Reactor Project; 2012. Internal report for HRP members until 2016.
66. C. Raspotnig, and A. Opdahl Supporting failure mode and effect analysis: A case study with failure sequence diagrams B. Regnell, D. Damian, Requirements Engineering: Foundation for Software Quality 2012 Springer Berlin Heidelberg 117 131 Volume 7195 of Lecture Notes in Computer Science
67. N. Rossing, M. Lind, N. Jensen, and S. Jrgensen A goal based methodology for hazop analysis Nuclear Safety and Simulation 1 2 2010 134 142 Symbio Community Forum and Harbin Engineering University
68. S. Sadvandi, N. Chapon, and L. Pitre-Cambacds Safety and security interdependencies in complex systems and SoS: challenges and perspectives O. Hammami, D. Krob, J.L. Voirin, Complex Systems Design and Management 2012 Springer Berlin/Heidelberg 229 241
69. SAM2003, 2003. ATCC building system safety assessment - functional hazard assessment. Technical Report SAF.ET1.ST03.1000.BUIL-01-00; Eurocontrol.
70. SAM2004, 2004. Functional hazard assessment guidance material b1. Eurocontrol Safety Assessment Methodology Task Force, 2nd ed.
71. SAM2006, 2006. Air navigation safety assessment methodology. Eurocontrol Safety Assessment Methodology Task Force, 2nd ed.
72. H. Schmidt Threat- and risk-analysis during early security requirements engineering ARES '10 International Conference on Availability, Reliability, and Security 2010 188 195
73. R. Schmidt, G. Riedel, and K. Kangas Risk assessment using design review based on failure mode Reliability and Maintainability Symposium (RAMS), 2011 Proceedings-Annual 2011 1 6
74. K. Schneider, K. Stapel, and E. Knauss Beyond documents: visualizing informal communication Requirements Engineering Visualization, REV '08 2008 31 40
75. Schneier, B.; 1999. Attack trees. Dr Dobb's Journal.
76. B. Schneier Secrets and Lies: Digital Security in a Networked World 2000 Wiley Chichester
77. L. Schnieder, E. Schnieder, and C. Stein Safety and security; two sides of the same coin: properties and relations? characteristics to refine? structure of terminology and its perception 5th Future Security Conference 2010
78. Sindre, G.; 2007. A look at misuse cases for safety concerns. In: Ralyt'e9, J.; Brinkkemper, S.; Henderson-Sellers, B. (Eds.). Situational Method Engineering: Fundamentals and Experiences. Springer Boston. volume 244 of IFIP International Federation for Information Processing, pp. 252-266.
79. G. Sindre, and A.L. Opdahl Eliciting security requirements with misuse cases Requirements Engineering 10 2005 34 44
80. D. Soliman, K. Thramboulidis, and G. Frey A methodology to upgrade legacy industrial systems to meet safety regulations 3rd International Workshop on Dependable Control of Discrete Systems (DCDS) 2011 141 147
81. T. Srivatanakul, J. Clark, and F. Polack Effective security requirements analysis: Hazop and use cases K. Zhang, Y. Zheng, Information Security 2004 Springer Berlin/Heidelberg 416 427 Volume 3225 of Lecture Notes in Computer Science
82. T. Stålhane, and G. Sindre A comparison of two approaches to safety analysis based on use cases Proceedings of the 26th International Conference on Conceptual Modeling Springer-Verlag, Berlin, Heidelberg 2007 423 437
83. D. Stamatis Failure Mode and Effect Analysis: FMEA from Theory to Execution 2003 ASQ Quality Press
84. A. Talukder, V. Maurya, B. Santhosh, E. Jangam, S. Muni, K. Jevitha, S. Saurabh, and A. Pais Security-aware software development life cycle (SaSDLC)-processes and tools IFIP International Conference on Wireless and Optical Communications Networks, WOCN '09 2009 1 5
85. Travis, C.; 2010. Security Requirements Reusability and the SQUARE Methodology. Technical Report CMU/SEI-2010-TN-027. Software Engineering Institute.
86. D. Wallace, D. Kuhn, and L. Ippolito An analysis of selected software safety standards Computer Assurance, 1992. COMPASS '92. Proceedings of the Seventh Annual Conference on 'Systems Integrity, Software Safety and Process Security: Building the System Right.' 1992 123 136
87. R. Winther, O.A. Johnsen, and B.A. Gran Security assessments of safety critical systems using HAZOPs Proceedings of the 20th International Conference on Computer Safety, Reliability and Security, SAFECOMP '01 Springer-Verlag, London, UK 2001 14 24
88. B. Yin, and Z. Jin Extending the problem frames approach for capturing non-functional requirements IEEE/ACIS 11th International Conference on Computer and Information Science (ICIS) 2012 432 437
89. Yin, R.; 2008. Case Study Research: Design and Methods, 4th ed. Volume 5 of Applied Social Research Methods Series. SAGE Publications.
90. S. Yoon, J. Jo, and J. Yoo A domain-specific safety analysis for digital nuclear plant protection systems 5th International Conference on Secure Software Integration Reliability Improvement Companion (SSIRI-C) 2011 68 75