Applying a Goal-Oriented Method for Hazard Analysis: A Case Study

Traceability between hazards and countermeasures is important for hazard analysis to give confidence and help justify whether relevant hazards have been considered and sufficiently mitigated. However, use case modeling, the current de facto standard technique for requirements elicitation, lacks negative modeling constructs for representing hazards. This paper presents a case study applying a goal-oriented method to car security-related hazard analysis, where hazards are represented as operationalizations with negative contribution toward system non-functional requirements (NFRs). In turn, countermeasures are represented as operationalizations with negative contribution toward the respective hazards, negating their negative effect on the NFRs. The study finds that the goal-oriented approach is most suitable for risk-driven applications, but is also compatible with and complementary to other applications.
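
The hazard/countermeasure structure described above, as an added example that is not part of the paper: a small softgoal interdependency graph in which hazards contribute negatively (BREAK) to an NFR and countermeasures contribute negatively to hazards, with qualitative labels propagated bottom-up so that a hazard whose countermeasure is not in place stays traceable as an open risk. The car-security goals, the propagation table and the conservative combination rule are assumptions constructed for illustration, not the paper's case data.

```python
S, D, U = "S", "D", "U"  # labels: satisficed, denied, undetermined

# Simplified propagation (assumption, after NFR-framework style labels):
# MAKE copies the source label, BREAK inverts it.
PROPAGATE = {("MAKE", S): S, ("MAKE", D): D, ("BREAK", S): D, ("BREAK", D): S}


class GoalGraph:
    """Softgoal interdependency graph of NFRs, hazards and countermeasures."""
    def __init__(self):
        self.kind = {}      # goal name -> "nfr" | "hazard" | "countermeasure"
        self.leaf = {}      # goal name -> designer-assigned label (leaves only)
        self.incoming = {}  # goal name -> [(source goal, link type)]

    def add(self, name, kind, label=U):
        self.kind[name], self.leaf[name], self.incoming[name] = kind, label, []

    def contribute(self, src, link, dst):
        self.incoming[dst].append((src, link))

    def evaluate(self, name):
        """Bottom-up label propagation. Conservative combination rule
        (assumption): a single denying contribution denies the target."""
        if not self.incoming[name]:
            return self.leaf[name]
        labels = set()
        for src, link in self.incoming[name]:
            src_label = self.evaluate(src)
            if src_label != U:
                labels.add(PROPAGATE[(link, src_label)])
        return D if D in labels else S if S in labels else U

    def open_hazards(self, nfr):
        # Traceability check: hazards hurting `nfr` that no satisficed
        # countermeasure has negated (label still S or undetermined).
        return [src for src, _ in self.incoming[nfr]
                if self.kind[src] == "hazard" and self.evaluate(src) != D]


def build_example():
    """Constructed car-security model (illustrative, not the paper's case)."""
    g = GoalGraph()
    g.add("Security[Car]", "nfr")
    g.add("Vehicle theft", "hazard", S)            # present until negated
    g.add("ECU tampering", "hazard", S)
    g.add("Immobilizer", "countermeasure", S)      # implemented
    g.add("Signed firmware", "countermeasure", D)  # not implemented
    g.contribute("Vehicle theft", "BREAK", "Security[Car]")
    g.contribute("ECU tampering", "BREAK", "Security[Car]")
    g.contribute("Immobilizer", "BREAK", "Vehicle theft")
    g.contribute("Signed firmware", "BREAK", "ECU tampering")
    return g
```

Running `build_example().open_hazards("Security[Car]")` reports the hazard whose countermeasure is still denied, which is the traceability gap the abstract argues use case modeling cannot express.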