Abstract
New systems and functionalities are continuously deployed in complex domains such as Air Traffic Management (ATM). Unfortunately, existing methodologies provide limited support for dealing with changes and for assessing their impact on critical features (e.g. safety, security). This paper is concerned with how change requirements affect security properties. A change requirement is a specification of changes that are to be implemented in a system. The paper reports our experience in supporting an evolutionary risk analysis that assesses change requirements and their impact on security properties. In particular, this paper discusses how changes to structured risk analysis models are perceived by domain experts, presenting insights from a risk assessment exercise that applies the CORAS model-driven risk analysis method to an ATM case study. It discusses how structured models supporting risk analysis help domain experts to analyse and assess the impact of changes on critical system features.
© 2011 Springer-Verlag Berlin Heidelberg
Felici, M., Meduri, V., Solhaug, B., Tedeschi, A. (2011). Evolutionary Risk Analysis: Expert Judgement. In: Flammini, F., Bologna, S., Vittorini, V. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2011. Lecture Notes in Computer Science, vol 6894. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-24270-0_8
DOI: https://doi.org/10.1007/978-3-642-24270-0_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-24269-4
Online ISBN: 978-3-642-24270-0