Skip to main content
SpringerLink
Log in

Security requirement derivation by noun–verb analysis of use–misuse case relationships: a case study using positive train control

  • Original Paper
  • Published:
Innovations in Systems and Software Engineering Aims and scope Submit manuscript

Abstract

Use cases and misuse cases, respectively, state the interactions that an actor can have and a mal-actor be prevented from having with a system. The cases do not specify either the security requirements or the associated attributes that a system must possess to operate in a secure manner. We present an algorithmic, domain-independent approach rooted in verb–noun analysis of use cases and misuse cases to generate system requirements and the associated security attributes. We illustrate the utility of this general five-step method using Positive train control (PTC) (a command and control system used to navigate trains in a railway grid) as a case study. This approach allows the designer to protect against the effect of wireless vulnerabilities on the safety of PTC systems.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2

Similar content being viewed by others

References

  1. Checkland P, Scholes J (1990) Soft system methodology in action. Wiley, New York

  2. QFD Institute (2005) Frequently asked questions about QFD

  3. Systems designers (1986) Scientific core-the method: user manual. SD-Scicon

  4. Mullery G (1979) Core: a method for controlled requirements specification. In: Proceedings 4th international conference on software engineering (ICSE-4), Munich, Germany, pp 17–19

  5. Kunz W, Rittel H Issues as elements of information systems, working paper. In: Berkeley institute of urban and regional development, University of California

  6. Wood J, Silver D (1995) Joint application development, 2nd edn. Wiley, New York

    Google Scholar 

  7. Kang K, Cohen S, Hess J, Novack W, Peterson A (1990) Feature-oriented domain analysis feasibility study (CMU/SEI-90-TR-021, ADA235785). Software Engineering Institute, Carnegie Mellon University, Pittsburgh

    Google Scholar 

  8. Hubbard R, Mead N, Schroeder C (2000) An assessment of the relative efficiency of a facilitator-driven requirements collection process with respect to the conventional interview method. In: International Conference on Requirements Engineering, Los Alamitos

  9. Sindre G, Opdahl A (2001) Capturing security requirements through misuse cases, proceedings, NorskInformatikkonferanse. Universiteteti Troms, Norway

    Google Scholar 

  10. Sindre G, Opdahl A (2000) Eliciting security requirements by misuse cases. In: Proceedings 37th international conference on technology of object-oriented languages (Tools 37-Pacific 2000) Sydney, Australia

  11. Larman C (1998) Applying UML and patterns. In: An introduction to Object Oriented analysis and design, Prentice-Hall, NJ

  12. Alexander I (2003) Misuse cases: use cases with Hostile Intent. IEEE Softw 20(1)

  13. Sindre G, Opdahl A (2001) Templates for misuse case description. In: Proceedings requirements engineering, foundations of software quality, Interlaken Switzerland

  14. (1999) Common criteria implementation board, common criteria for information technology security evaluation, part 2: security functional requirments ISO/IEC 15408–1. Int Stand Organ

  15. Ware M (2006) Using common criteria to elicit security requirements with use cases. In: Proceedings of the IEEE southeastern conference, Tennessee

  16. McDermott J, Fox C (1999) Using abuse case models for security requirements analysis. In: Proceedings of the 15th Annual IEEE computer security applications conference

  17. Nuseibh B, Lin L et al (2003) Introducing abuse frames for analyzing security requirements. In: Proceedings of the 11th IEEE international requirements, Engineering Conference

  18. Whitmore J (2001) A method for designing secure solutions. IBM Syst J 40(3)

  19. Diallo M, Romero-Mariona J et al (2006) A comparative evaluation of three approaches to specifying security requirements. In: 12th International workshop on requirements engineering foundations for software quality (REFSQ’ 06), Luxembourg

  20. Nuseibeh B, Haley C, Lanley R (2004) Deriving security requirements from crosscutting threat descriptions. In: Proceedings of the 3rd international conference on aspect-oriented software development, Lancaster, UK

  21. Object management group (2006) UML 2.0 OCL specification OMG

  22. Ddahl H, Hoggenvik I, Stohen K (2007) Structured semantics for the CORAS security risk modelling language, SINTEF ICT. Technical, Report A970

  23. Rumbaugh J (1994) Getting started: using use cases to capture requirements. J Object Oriented Program

  24. Jacobson I (1992) Object-Oriented software engineering: a use case driven approach. Addison-Wesley

  25. (2005) International standards organization, ISO/IEC 19501:2005 unified modeling language (UML) version 1.4.2, ISO

  26. Alexander I (2002) Initial industrial experience of misuse cases in trade-off analysis. In: Proceedings of 10th IEEE joint international requirements engineering conference (RE02), Essen, Germany

  27. Collins M (1999) Head driven statistical models for natural language parsing. Doctoral Disertation, University of Pennsylvania

  28. Benoit S, Overmyer S, Rambow B (2001) Conceptual modeling through linguistic analysis using LIDA. In: Proceedings 23rd international conference on software engineering (ICSE 2001), Toronto, Canada

  29. (1999) In: Landau S (ed) Cambridge dictionary of American English, Cambridge university press

  30. Hartong M, Goel R, Wijesekera D (2006) Communications based positive train control systems architecture in the USA. In: Proceedings 63rd IEEE international vehicle technology conference Melbourne, Australia

  31. (1994) Federal railroad administration, railroad communications and train control, report to congress

  32. (1999) Federal railroad administration, report of the railroad safety advisory committee to the federal railroad administrator. Implement Posit Train Control Syst

  33. (2004) Association of American railroads, policy and economics department, US freight railroad. Stat

  34. (2003) US surface transportation board, office Of economics. In: Environmental analysis and administration, Statistics Of Class I Freight railroads in the United States

  35. (2003) National transportation atlas databases (NTAD), federal railroad administration(FRA) national rail network 1:100,000 (line). In: Bureau of transportation statistics (BTS), Washington, DC

  36. (2005) Congressional research service of the library of congress. In: Terrorist capabilities for cyber attack- overview and policy issues, Report RL33123, Washington, DC

  37. (2002) Computer science and telecommunications board. In: National research council cybersecurity today and tomorrow: pay now or pay later, National academies press, Washington, DC

  38. The President’s National Security Telecommunications Advisory Committee (2003) Wireless task force report wireless, security

  39. (2003) Cybersecurity of freight information systems TRB special report 274. In: Transportation research board of the national academy of sciences, Washington, DC

  40. Chittester C, Haines Y (2004) Risks of terrorism to information technology and to critical interdependent infrastructure. J Homel Secur Emerg Manage 1(4)

  41. Weinstein B, Clower T (1998) The impact of the union pacific service disruptions on the Texas and national economies: an unfinished story. Railr Comm Texas

  42. Rush W (2004) Engaging in worm warfare. Infoworld Media Group, San Francisco

  43. (2005) United States national transportation safety board, report of railroad accident: collision of Norfolk southern freight train 192 with standing Norfolk Southern local train P22 with subsequent hazardous materials release. Graniteville, South Carolina, NTSB/RAR-05/04

  44. Register Federal (2005) 49 CFR Parts 209, 234, and 236 standards for the development and use of processor based signal and train control systems. Final Rule

  45. Carlson A, Frincke D, Laude M (2003) Railway security issues: a survey of developing railway technology. In: Proceedings of the international conference on computer, communications and Control technology, International Institute of Informatics and Systemic

  46. Craven P (2004) A brief look at railroad communication vulnerabilities. In: Proceedings 2004 IEEE intelligent transportation systems conference, Washington, DC

  47. Craven P, Craven S (2005) Security of ATCS wireless railway communications. In: Proceedings of the 2005 joint rail conference. Pueblo, CO.

  48. Hartong M, Goel R, Wijesekera D (2006) Communications security in communications based train control. In: Tenth international conference on computer system design and operation in the railway and other transit systems, Prague, Czech Republic

  49. Hartong M, Goel R, Wijesekera D (2006) Mapping use cases to functional fault trees in order to secure positive train control systems. In: Proceedings of 9th international conference on applications of advanced technology in transportation engineering, IL, Chicago

  50. Hartong M, Goel R, Wijesekera D (2006) Key management requirments for positive train control communications security. In: Proceedings of the (2006) IEEE/ASME joint rail conference, Atlanta, GA

  51. Warmer J, Kleppe A (1998) The object constraint language: precise modeling with UM. Addison-Wesley

  52. Sendal S, Strohmeier A (2000) From use cases to system operation specifications, UML 2000—The unified modeling language. In: Kent, Evans (eds) 3rd international conference. Lecture notes in computer science, number 1939, UK, Springer-Verlag

  53. (2004) Federal railroad administration benefits and costs of positive train control. Report Response Req Appropr Comm

  54. (2004) United States general accounting office, GAO testimony before the subcommittee on technology information policy, intergovernmental relations and the census, house committee on government reform. Crit Infrastruct Protect Chall Efforts Secur Control Syst

  55. (2006) US department of homeland security, office of grants and training FY 2006 infrastructure protection program. Intercity Passeng Rail Secur Progr Guidel Appl Kit

  56. American association of state highway and transportation officials (2002) Transportation-invest in America: freight-rail bottom line report. http://freight.transportation.org/ doc/ FreightRailReport.pdf

  57. (2006) Burlington Northern Santa Fe Railway, Product safety plan version 2.1

Download references

Author information

Authors and Affiliations

  1. US Federal Railroad Administration, 1200 New Jersey Ave SE, Washington, DC, 20590, USA

    Mark Hartong

  2. Department of Information Systems and Decision Science, School of Business, Howard University, 2600 6th Street, Washington, DC, 20059, USA

    Rajni Goel

  3. Department of Computer Science, George Mason University, MS 4A4, 100 University Drive, Fairfax, VA, 22030, USA

    Duminda Wijesekera

Authors
  1. Mark Hartong
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Rajni Goel
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Duminda Wijesekera
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mark Hartong.

Additional information

The views and opinions expressed herein are that of the authors and do not necessarily state or reflect those of the United States Government, the Department of Transportation, or the Federal Railroad Administration, and shall not be used for advertising or product endorsement purposes.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Hartong, M., Goel , R. & Wijesekera, D. Security requirement derivation by noun–verb analysis of use–misuse case relationships: a case study using positive train control. Innovations Syst Softw Eng 10, 103–122 (2014). https://doi.org/10.1007/s11334-013-0227-6

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11334-013-0227-6

Keywords

Search

Navigation