A Combined Process for Elicitation and Analysis of Safety and Security Requirements

  • Christian Raspotnig
  • Peter Karpati
  • Vikash Katta
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 113)


The aims of safety and security assessments are very similar, since both consider harm during system development. However, they apply different means to that end and are performed in separate processes. As the safety and security areas merge in new systems that are critical and more openly interconnected, there is a need to relate the two processes during development. A combined assessment process could save resources compared to separate safety and security assessments, and could also support the understanding of mutual constraints and the resolution of conflicts between the two areas. We suggest a combined method covering the harm identification and analysis part of the assessment process using UML-based models. The process is applied to a case from the Air Traffic Management domain. Experts' opinions about the results have also been collected as feedback.


Keywords: safety, security, combination of assessments, requirements engineering, UML





Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Christian Raspotnig: University of Bergen, Bergen, Norway; Institute for Energy Technology, Halden, Norway
  • Peter Karpati: Norwegian University of Science and Technology, Trondheim, Norway
  • Vikash Katta: Norwegian University of Science and Technology, Trondheim, Norway; Institute for Energy Technology, Halden, Norway
