Abstract
Bow-tie analysis includes a graphical representation for depicting threats and consequences related to unwanted events, and shows how preventive and reactive barriers can provide control over such situations. This kind of analysis has traditionally been used to elicit requirements for safety and reliability engineering, but as a consequence of the ever-increasing coupling between the cyber and physical world, security has become an additional concern. Through a controlled experiment, we provide evidence that the expressiveness of the bow-tie notation is suitable for this purpose as well. Our results show that a sample population of graduate students, inexperienced in security modelling, performs similarly to security experts when the scope is well defined and the target system or situation is familiar. We also demonstrate that misuse case diagrams should be regarded as a complementary rather than a competing modelling technique.
Notes
1. This is an open source tool available and further documented at https://www.safeexambrowser.org/.
2. Freely available at https://github.com/KDPRO-SINTEF/BowtieTool.
Acknowledgment
The research leading to these results has partially been performed by the Cyber Security in Merchant Shipping (CySiMS) project, which received funding from the Research Council of Norway under Grant No. 256508. We would like to thank all participants in the experiment, as well as the group of NTNU students developing the bow-tie modelling tool that has supported our work greatly.
A Combined Bow-Tie Diagrams
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Meland, P.H., Bernsmed, K., Frøystad, C., Li, J., Sindre, G. (2019). An Experimental Evaluation of Bow-Tie Analysis for Cybersecurity Requirements. In: Katsikas, S., et al. Computer Security. SECPRE CyberICPS 2018 2018. Lecture Notes in Computer Science, vol 11387. Springer, Cham. https://doi.org/10.1007/978-3-030-12786-2_11
DOI: https://doi.org/10.1007/978-3-030-12786-2_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-12785-5
Online ISBN: 978-3-030-12786-2
eBook Packages: Computer Science, Computer Science (R0)