Abstract
Use cases state the interactions that an actor can have with a system, and misuse cases state the interactions that a mal-actor must be prevented from having. Neither specifies the security requirements or the associated attributes that a system must possess to operate in a secure manner. We present an algorithmic, domain-independent approach rooted in verb–noun analysis of use cases and misuse cases to generate system requirements and the associated security attributes. We illustrate the utility of this general five-step method using positive train control (PTC), a command and control system used to navigate trains in a railway grid, as a case study. This approach allows the designer to protect against the effect of wireless vulnerabilities on the safety of PTC systems.
Additional information
The views and opinions expressed herein are those of the authors and do not necessarily state or reflect those of the United States Government, the Department of Transportation, or the Federal Railroad Administration, and shall not be used for advertising or product endorsement purposes.
About this article
Cite this article
Hartong, M., Goel, R. & Wijesekera, D. Security requirement derivation by noun–verb analysis of use–misuse case relationships: a case study using positive train control. Innovations Syst Softw Eng 10, 103–122 (2014). https://doi.org/10.1007/s11334-013-0227-6
DOI: https://doi.org/10.1007/s11334-013-0227-6