Abstract
Meeting secure and usable design goals requires the combined effort of safety, security, and human factors experts. Human factors experts rely on a combination of cognitive and hierarchical task analysis techniques to support their work. We present an approach where use-case specifications are used to support task analysis, and human failure levels help identify design challenges leading to errors or mistakes. We illustrate this approach by prototyping the role of the European Railway Traffic Management System (ERTMS) Signaller, which gives human factors experts a chance to work in collaboration with safety and security design experts.
Notes
The complete CAIRIS model of this analysis is available at https://github.com/s5121191/CRITIS-21.
Acknowledgements
The work described in this paper was funded by the BU studentship Integrating Safety, Security, and Human Factors Engineering in Rail Infrastructure Design & Evaluation. We are also grateful to Ricardo for their support.
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Altaf, A., Faily, S., Dogan, H., Mylonas, A., Thron, E. (2021). Use-Case Informed Task Analysis for Secure and Usable Design Solutions in Rail. In: Percia David, D., Mermoud, A., Maillart, T. (eds) Critical Information Infrastructures Security. CRITIS 2021. Lecture Notes in Computer Science, vol 13139. Springer, Cham. https://doi.org/10.1007/978-3-030-93200-8_10
DOI: https://doi.org/10.1007/978-3-030-93200-8_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-93199-5
Online ISBN: 978-3-030-93200-8
eBook Packages: Computer Science (R0)