Hazard Analysis for Security Protocol Requirements

  • Nathalie Foster
  • Jeremy Jacob
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 78)


This paper describes a process for generating and analysing security protocol requirements. It addresses some of the problems that result from the inadequacies of present development methods. The process is based on a hazard analysis technique developed for safety-critical systems engineering, which provides a structured method for analysing the requirements while avoiding the problem of being too restrictive.


Keywords: security protocols; software engineering; requirements gathering and analysis; hazard analysis



Copyright information

© IFIP International Federation for Information Processing 2002

Authors and Affiliations

  • Nathalie Foster, Department of Computer Science, University of York, UK
  • Jeremy Jacob, Department of Computer Science, University of York, UK
