
A Comparison of Two Approaches to Safety Analysis Based on Use Cases

  • Conference paper
Conceptual Modeling - ER 2007 (ER 2007)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 4801)

Abstract

Engineering has a long tradition of analyzing the safety of mechanical, electrical and electronic systems. Important methods such as HazOp and FMEA have also been adopted by the software engineering community. The misuse case method, on the other hand, was developed within the software community as an alternative to FMEA and preliminary HazOp for software development. To compare the two methods, misuse cases and FMEA, we ran a small experiment involving 42 third-year software engineering students. In the experiment, the students were asked to identify and analyze failure modes from one of the use cases of a commercial electronic patient journal system. The results of the experiment show that, on average, the group that used misuse cases identified and analyzed more user-related failure modes than the participants using FMEA. In addition, the participants who used misuse cases scored higher on perceived ease of use and intention to use.



Editor information

Christine Parent, Klaus-Dieter Schewe, Veda C. Storey, Bernhard Thalheim


Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Stålhane, T., Sindre, G. (2007). A Comparison of Two Approaches to Safety Analysis Based on Use Cases. In: Parent, C., Schewe, KD., Storey, V.C., Thalheim, B. (eds) Conceptual Modeling - ER 2007. ER 2007. Lecture Notes in Computer Science, vol 4801. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75563-0_29

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-75563-0_29

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-75562-3

  • Online ISBN: 978-3-540-75563-0
