Abstract
Engineering has a long tradition of analyzing the safety of mechanical, electrical and electronic systems. Important methods like HazOp and FMEA have also been adopted by the software engineering community. The misuse case method, on the other hand, has been developed by the software community as an alternative to FMEA and preliminary HazOp for software development. To compare the two methods, misuse cases and FMEA, we ran a small experiment involving 42 third-year software engineering students. In the experiment, the students were asked to identify and analyze failure modes from one of the use cases for a commercial electronic patient journals system. The results of the experiment show that, on average, the group that used misuse cases identified and analyzed more user-related failure modes than the persons using FMEA. In addition, the persons who used misuse cases scored better on perceived ease of use and intention to use.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Stålhane, T., Sindre, G. (2007). A Comparison of Two Approaches to Safety Analysis Based on Use Cases. In: Parent, C., Schewe, KD., Storey, V.C., Thalheim, B. (eds) Conceptual Modeling - ER 2007. ER 2007. Lecture Notes in Computer Science, vol 4801. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75563-0_29
DOI: https://doi.org/10.1007/978-3-540-75563-0_29
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-75562-3
Online ISBN: 978-3-540-75563-0
eBook Packages: Computer Science (R0)