
Finding Threats with Hazards in the Concept Phase of Product Development

  • Conference paper
Systems, Software and Services Process Improvement (EuroSPI 2014)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 425))


Abstract

In this paper, we present an approach to finding threats together with hazards. We already presented the hazard identification approach in [1]; here it is elaborated and extended to identify threats as well. The basic approach is the same as in the previous paper and has four steps. First, we roughly describe the static structure and dynamic behaviour of the system. Then, using the goal-oriented approach, we draw the goal tree of the system. The top goal of the tree is the most abstract representation of the system, and we refine it repeatedly. If S is the sentence describing a goal, we form a new sentence S-* by applying a HAZOP guideword [2] (when we apply the NO guideword, we name the new sentence S-NO; the asterisk is a meta-character here). S is a desirable goal; S-* is an undesirable goal, i.e. an anti-goal [3]. Using the static structure and dynamic behaviour described earlier, we then consider whether this negative situation can be brought about by a malfunction of each node or by an attack on a relation between nodes. Exhaustiveness is important for finding hazards and threats, and our method checks it in two ways: one checks the sentence describing each goal against the guidewords; the other covers every structural and dynamic element of the target system.
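The following is an added toy sketch of the procedure the abstract describes, not code from the paper: a goal tree whose sentences are combined with HAZOP guidewords to form anti-goals S-*, followed by an exhaustiveness checklist that pairs every anti-goal with every node (malfunction) and every relation (attack). The guideword set beyond NO, the distance-keeping system and its node names are assumptions for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# HAZOP guidewords (IEC 61882). The abstract names only NO; the others are
# an assumed selection for this example.
GUIDEWORDS = ("NO", "MORE", "LESS", "OTHER THAN", "EARLY", "LATE")

@dataclass
class Goal:
    """One node of the goal tree: a desirable goal described by sentence S."""
    sentence: str
    children: List["Goal"] = field(default_factory=list)

def anti_goals(goal: Goal) -> List[Tuple[str, str]]:
    """Return (S, S-*) pairs: each goal sentence combined with each guideword."""
    out = [(goal.sentence, f"[{gw}] {goal.sentence}") for gw in GUIDEWORDS]
    for child in goal.children:
        out.extend(anti_goals(child))
    return out

def review_items(antis, nodes, relations) -> List[Tuple[str, str, str]]:
    """Exhaustiveness checklist: every anti-goal is considered against every
    node (possible malfunction) and every relation (possible attack)."""
    items = []
    for _, anti in antis:
        items += [(anti, n, "malfunction") for n in nodes]
        items += [(anti, f"{a}->{b}", "attack") for a, b in relations]
    return items

def unreviewed(items, verdicts: Dict[Tuple[str, str, str], str]):
    """Items the analyst has not yet judged ('hazard', 'threat' or 'none')."""
    return [it for it in items if it not in verdicts]

# Constructed toy system (assumed, not taken from the paper): a
# distance-keeping function with three nodes and two relations.
NODES = ["sensor", "controller", "brake"]
RELATIONS = [("sensor", "controller"), ("controller", "brake")]
TREE = Goal("the vehicle keeps a safe distance to the vehicle ahead", [
    Goal("the sensor reports the distance"),
    Goal("the controller computes the target speed"),
    Goal("the brake applies the requested deceleration"),
])

if __name__ == "__main__":
    antis = anti_goals(TREE)
    items = review_items(antis, NODES, RELATIONS)
    verdicts = {items[0]: "hazard"}  # one item judged so far
    print(len(antis), "anti-goals;", len(unreviewed(items, verdicts)),
          "of", len(items), "items still to review")
```

Each remaining checklist item is a candidate hazard (node malfunction) or threat (attack on a relation) that the analyst must explicitly accept or reject, which is what makes the second exhaustiveness check auditable.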


References

  1. Ito, M.: An approach to manage the concept phase of ISO 26262. In: EuroSPI 2013. DELTA, Dundalk (2013)
  2. CEI/IEC: Hazard and operability studies (HAZOP studies) - Application guide. CEI/IEC 61882:2001, IEC (2001)
  3. van Lamsweerde, A.: Elaborating security requirements by construction of intentional anti-models. In: Proceedings of the 26th International Conference on Software Engineering. IEEE Computer Society (2004)
  4. Shi, J., et al.: A survey of cyber-physical systems. In: 2011 International Conference on Wireless Communications and Signal Processing (WCSP). IEEE (2011)
  5. Kleidermacher, D., Kleidermacher, M.: Embedded Systems Security: Practical Methods for Safe and Secure Software and Systems Development, 1st edn. Elsevier, Amsterdam (2012)
  6. Lund, M.S., Solhaug, B., Stølen, K.: Model-Driven Risk Analysis: The CORAS Approach. Springer (2010)
  7. Brændeland, G., Dahl, H.E.I., Engan, I., Stølen, K.: Using dependent CORAS diagrams to analyse mutual dependency. In: Lopez, J., Hämmerli, B.M. (eds.) CRITIS 2007. LNCS, vol. 5141, pp. 135–148. Springer, Heidelberg (2008)
  8. Henniger, O., et al.: Securing vehicular on-board IT systems: The EVITA project. In: VDI/VW Automotive Security Conference (2009)
  9. OMG: OMG Systems Modeling Language (OMG SysML) V1.1, formal/2008-11-01. OMG (2008)
  10. D’Souza, D.F., Wills, A.C.: Objects, Components, and Frameworks with UML: The Catalysis Approach. Addison-Wesley Professional (1998)
  11. van Lamsweerde, A.: Requirements Engineering: From System Goals to UML Models to Software Specifications. John Wiley & Sons Ltd. (2009)
  12. Kletz, T.A.: HAZOP and HAZAN: Identifying and Assessing Process Industry Hazards, 3rd edn. Institute of Chemical Engineers, Rugby (1992)
  13. Winther, R., Johnsen, O.-A., Gran, B.A.: Security assessments of safety critical systems using HAZOPs. In: Voges, U. (ed.) SAFECOMP 2001. LNCS, vol. 2187, pp. 14–24. Springer, Heidelberg (2001)
  14. van Arem, B., van Driel, C.J., Visser, R.: The impact of cooperative adaptive cruise control on traffic-flow characteristics. IEEE Transactions on Intelligent Transportation Systems 7(4), 429–436 (2006)
  15. Leveson, N.: Engineering a Safer World: Systems Thinking Applied to Safety. MIT Press (2011)
  16. Young, W., Leveson, N.G.: An integrated approach to safety and security based on systems theory. Commun. ACM 57(2), 31–35 (2014)
  17. Kelling, E., et al.: Specification and evaluation of e-security relevant use cases. EVITA Deliverable D2.1, EVITA project (2009)
  18. Ruddle, A., et al.: Security requirements for automotive on-board networks based on dark-side scenarios. EVITA Deliverable D2.3, EVITA project (2009)


Copyright information

© 2014 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Ito, M. (2014). Finding Threats with Hazards in the Concept Phase of Product Development. In: Barafort, B., O’Connor, R.V., Poth, A., Messnarz, R. (eds) Systems, Software and Services Process Improvement. EuroSPI 2014. Communications in Computer and Information Science, vol 425. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-43896-1_25


  • DOI: https://doi.org/10.1007/978-3-662-43896-1_25

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-43895-4

  • Online ISBN: 978-3-662-43896-1
