{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2022,6,29]],"date-time":"2022-06-29T17:50:46Z","timestamp":1656525046024},"reference-count":25,"publisher":"IGI Global","issue":"1","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2012,1]]},"abstract":"<jats:p>While security assessments of information systems are being increasingly performed with support of security modelling, safety assessments are still undertaken with traditional techniques such as Failure Mode and Effect Analysis (FMEA). As system modelling is becoming an increasingly important part of developing more safety critical systems, the safety field can benefit from security techniques that integrate system modelling and security aspects. This paper adapts an existing security modelling technique, Misuse Sequence Diagrams, to support failure analysis. The resulting technique, called Failure Sequence Diagrams, is used to support Failure Mode and Effect Analysis in an industrial setting. Based on the experiences, the authors suggest improvements both to traditional safety techniques and to security and safety modelling.<\/jats:p>","DOI":"10.4018\/jsse.2012010102","type":"journal-article","created":{"date-parts":[[2012,11,27]],"date-time":"2012-11-27T13:28:24Z","timestamp":1354022904000},"page":"20-36","source":"Crossref","is-referenced-by-count":4,"title":["Improving Security and Safety Modelling with Failure Sequence Diagrams"],"prefix":"10.4018","volume":"3","author":[{"given":"Christian","family":"Raspotnig","sequence":"first","affiliation":[{"name":"University of Bergen, Norway"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Andreas L.","family":"Opdahl","sequence":"additional","affiliation":[{"name":"University of Bergen, Norway"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"2432","reference":[{"key":"jsse.2012010102-0","doi-asserted-by":"crossref","unstructured":"Aagedal, J. \u00d8., Braber, F. d., Dimitrakos, T., Gran, B. A., Raptis, D., & St\u00f8len, K. (2002). Model-based risk assessment to improve enterprise security. In Proceedings of the Sixth International Enterprise Distributed Object Computing Conference.","DOI":"10.1109\/EDOC.2002.1137696"},{"key":"jsse.2012010102-1","unstructured":"Allenby, K., & Kelly, T. (2001). Deriving safety requirements using scenarios. In Proceedings of the Fifth IEEE International Symposium on Requirements Engineering."},{"key":"jsse.2012010102-2","author":"E. G.Amoroso","year":"1994","journal-title":"Fundamentals of computer security technology"},{"key":"jsse.2012010102-3","author":"A.Avizienis","year":"2001","journal-title":"Fundamental concepts of dependability. Tyne and Wear"},{"key":"jsse.2012010102-4","doi-asserted-by":"publisher","DOI":"10.2307\/249008"},{"key":"jsse.2012010102-5","doi-asserted-by":"publisher","DOI":"10.1002\/0471739421"},{"key":"jsse.2012010102-6","year":"2009","journal-title":"ED-153 - Guidelines for ANS software safety assurance"},{"key":"jsse.2012010102-7","unstructured":"EUROCONTROL. (2006). Air navigation safety assessment methodology - V2.1 (electronic) (2.1 ed.). Brussels, Belgium: Author."},{"key":"jsse.2012010102-8","year":"2007","journal-title":"Eurocontrol specification for on-line data interchange"},{"key":"jsse.2012010102-9","unstructured":"EUROCONTROL. (2007b). Specification of interoperability and performance requirements for the flight message transfer protocol (FMTP) (Tech. Rep. No. EUROCONTROL-SPEC-0100). Brussels, Belgium: Author."},{"key":"jsse.2012010102-10","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-16782-9_1"},{"key":"jsse.2012010102-11","author":"N. G.Leveson","year":"1995","journal-title":"Safeware: System safety and computers"},{"key":"jsse.2012010102-12","unstructured":"OMG. (2011). Object management group unified modeling language (OMG UML), superstructure. Retrieved from http:\/\/www.omg.org\/spec\/UML\/2.4\/Superstructure"},{"key":"jsse.2012010102-13","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2008.05.013"},{"key":"jsse.2012010102-14","unstructured":"ReqSec project. (2008). About ReqSec project. Retrieved November, 2011, from Retrieved from http:\/\/www.idi.ntnu.no\/~guttors\/reqsec\/"},{"key":"jsse.2012010102-15","author":"B.Schneier","year":"2000","journal-title":"Secrets and lies: digital security in a networked world"},{"key":"jsse.2012010102-16","unstructured":"SESAR Joint Undertaking. (2011). About SESAR Joint Undertaking. Retrieved November, 2011, from http:\/\/www.sesarju.eu\/about"},{"key":"jsse.2012010102-17","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-73947-2_20"},{"key":"jsse.2012010102-18","doi-asserted-by":"publisher","DOI":"10.1007\/s00766-004-0194-4"},{"key":"jsse.2012010102-19","unstructured":"Sindre, G., Opdahl, A. L., & Brevik, G. F. (2002). Generalization\/specialization as a structuring mechanism for misuse cases. In Proceedings of the 2nd Symposium on Requirements Engineering for Information Security, Raleigh, NC."},{"key":"jsse.2012010102-20","doi-asserted-by":"crossref","unstructured":"Staalhane, T., & Sindre, G. (2008). Safety hazard identification by misuse cases: Experimental comparison of text and diagrams. In Proceedings of the 11th International Conference on Model Driven Engineering Languages and Systems.","DOI":"10.1007\/978-3-540-87875-9_50"},{"key":"jsse.2012010102-21","author":"W.Stallings","year":"2000","journal-title":"Data and computer communications"},{"key":"jsse.2012010102-22","unstructured":"Watson, A. (2011). Visual Modelling: past, present and future. Retrieved November, 2011, from http:\/\/www.uml.org\/Visual_Modeling.pdf"},{"key":"jsse.2012010102-23","doi-asserted-by":"crossref","unstructured":"Winther, R., Johnsen, O.-A., & Gran, B. A. (2001). Security assessments of safety critical systems using HAZOPs. In Proceedings of the 20th International Conference on Computer Safety, Reliability and Security.","DOI":"10.1007\/3-540-45416-0_2"},{"key":"jsse.2012010102-24","volume":"Vol. 5","author":"R. K.Yin","year":"2009","journal-title":"Case study research"}],"container-title":["International Journal of Secure Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=64193","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,2,19]],"date-time":"2019-02-19T16:34:05Z","timestamp":1550594045000},"score":1,"resource":{"primary":{"URL":"http:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/jsse.2012010102"}},"subtitle":[""],"short-title":[],"issued":{"date-parts":[[2012,1]]},"references-count":25,"journal-issue":{"issue":"1"},"URL":"https:\/\/doi.org\/10.4018\/jsse.2012010102","relation":{},"ISSN":["1947-3036","1947-3044"],"issn-type":[{"value":"1947-3036","type":"print"},{"value":"1947-3044","type":"electronic"}],"subject":[],"published":{"date-parts":[[2012,1]]}}}