Enhancing Misuse Cases With Risk Assessment for Safety Requirements

No Thumbnail Available

Date

2020

Authors

Journal Title

Journal ISSN

Volume Title

Publisher

Ieee-inst Electrical Electronics Engineers inc

Research Projects

Organizational Units

Thumbnail Image
Organizational Unit
Computer Engineering
(1998)
The Atılım University Department of Computer Engineering was founded in 1998. The department curriculum is prepared in a way that meets the demands for knowledge and skills after graduation, and is subject to periodical reviews and updates in line with international standards. Our Department offers education in many fields of expertise, such as software development, hardware systems, data structures, computer networks, artificial intelligence, machine learning, image processing, natural language processing, object based design, information security, and cloud computing. The education offered by our department is based on practical approaches, with modern laboratories, projects and internship programs. The undergraduate program at our department was accredited in 2014 by the Association of Evaluation and Accreditation of Engineering Programs (MÜDEK) and was granted the label EUR-ACE, valid through Europe. In addition to the undergraduate program, our department offers thesis or non-thesis graduate degree programs (MS).

Journal Issue

Abstract

Risk-driven requirements elicitation represents an approach that allows assignment of appropriate countermeasure for the protection of the Information System (IS) depending on the risk level. Elicitation of safety requirements based on risk analysis is essential for those IS which will run on the open and dynamic Internet platform. Traditionally, misuse cases are used to find the weak points of an IS but cannot differentiate between the weak point that can lead to lenient hazard and/or serious hazard. In this paper, we present an enhanced misuse case approach to support IS safety risk assessment at the early stages of software process. We extensively examined and identified concepts which constitute a modelling technique for IS safety risk assessment and build a conceptual model for achieving IS safety risk assessment during the requirement analysis phase of software process. The risk assessment process follows an approach of consequential analysis based on misuse cases for safety hazard identification and qualitative risk measurement. The safety requirements are elicited according to the results of the risk assessment. A medical IS is used as a case study to validate the proposed model.

Description

Fernandez-Sanz, Luis/0000-0003-0778-0073; Misra, Sanjay/0000-0002-3556-9331; Abayomi-Alli, Olusola/0000-0003-2513-5318; Arogundade, Oluwasefunmi/0000-0001-9338-491X

Keywords

Misuse case, requirements engineering, risk assessment, scenario, safety, use cases

Turkish CoHE Thesis Center URL

Citation

3

WoS Q

Q2

Scopus Q

Q1

Source

Volume

8

Issue

Start Page

12001

End Page

12014

URI

https://doi.org/10.1109/ACCESS.2019.2963673
 https://hdl.handle.net/20.500.14411/3486

Collections

WOS
Scopus