Effective Security Requirements Analysis: HAZOP and Use Cases
نویسندگان
چکیده
Use cases are widely used for functional requirements elicitation. However, security non-functional requirements are often neglected in this requirements analysis process. As systems become increasingly complex current means of analysis will probably prove ineffective. In the safety domain a variety of effective analysis techniques have emerged over many years. Since the safety and security domains share many similarities, various authors have suggested that safety techniques might usefully find application in security. This paper takes one such technique, HAZOP, and applies it to one widely used functional requirement elicitation component, UML use cases, in order to provide systematic analysis of potential security issues at the start of system development.
منابع مشابه
Security Assessments of Safety Critical Systems Using HAZOPs
Concerned with serious problems regarding security as a safety issue, a HAZOP specifically suited for identifying security threats has been developed. Unfortunately, the emphasis placed on security issues when developing safety critical systems is to often inadequate, possibly due to the lack of ”safety-compliant” security methods. Having had the opportunity to adapt the HAZOP-principle to the ...
متن کاملRisk analysis in plant commissioning: the Multilevel Hazop
The paper deals with risk analysis and management in the realisation of process plants by engineering and contracting companies. Specifically, a new analytical methodology is developed to manage the typical risks of plant commissioning. Following a detailed study of the commissioning process and its criticalities, Hazop is selected as the most suitable approach in forecasting particular risks o...
متن کاملApplying HAZOP to Software Engineering Models
HAZOP is a powerful hazard analysis technique which has a long history in process industries. As the use of programmable electronic systems becomes more common, it is clear that there is a need for a HAZOP method which can be used effectively with such systems. This paper describes several attempts to derive such a process, and identifies some requirements which must be met by any PES HAZOP pro...
متن کاملPractical experience with the application of HazOp to a software intensive system
This paper describes the work done by SINTEF on HazOp on a safety critical, software intensive system and the lessons learned in the process. The lessons concern two areas – the HazOp process and the use of the HazOp to formulate lower level safety requirements. We describe a HazOp process based on system functions instead of the overall system functionality and how to use software related guid...
متن کاملInformation Security Requirements for Implementing Electronic Health Records in Iran
Background and Goal: ICT development in recent years has created excellent developments in human social and economic life. One of the most important opportunities to use information technology is in the medical field, that the result would be electronic health record (EHR).The purpose of this research is to investigate the effects information securi...
متن کامل