An Experimental Evaluation of Bow-Tie Analysis for Cybersecurity Requirements

  • Conference paper
Computer Security (SECPRE 2018, CyberICPS 2018)

Abstract

Bow-tie analysis includes a graphical representation for depicting threats and consequences related to unwanted events, and shows how preventive and reactive barriers can provide control over such situations. This kind of analysis has traditionally been used to elicit requirements for safety and reliability engineering, but as a consequence of the ever-increasing coupling between the cyber and physical world, security has become an additional concern. Through a controlled experiment, we provide evidence that the expressiveness of the bow-tie notation is suitable for this purpose as well. Our results show that a sample population of graduate students, inexperienced in security modelling, performs similarly to security experts when we have a well-defined scope and a familiar target system/situation. We also demonstrate that misuse case diagrams should be regarded as more of a complementary than a competing modelling technique.

Notes

  1. This is an open source tool available and further documented at https://www.safeexambrowser.org/.

  2. Freely available at https://github.com/KDPRO-SINTEF/BowtieTool.

Acknowledgment

The research leading to these results has partially been performed by the Cyber Security in Merchant Shipping (CySiMS) project, which received funding from the Research Council of Norway under Grant No. 256508. We would like to thank all participants in the experiment, as well as the group of NTNU students developing the bow-tie modelling tool that has supported our work greatly.

Corresponding author

Correspondence to Per Håkon Meland.

A Combined Bow-Tie Diagrams

Fig. 5. A combination of the models made by the students.

Fig. 6. A combination of the models made by the experts.

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Meland, P.H., Bernsmed, K., Frøystad, C., Li, J., Sindre, G. (2019). An Experimental Evaluation of Bow-Tie Analysis for Cybersecurity Requirements. In: Katsikas, S., et al. Computer Security. SECPRE 2018, CyberICPS 2018. Lecture Notes in Computer Science, vol 11387. Springer, Cham. https://doi.org/10.1007/978-3-030-12786-2_11

  • DOI: https://doi.org/10.1007/978-3-030-12786-2_11

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-12785-5

  • Online ISBN: 978-3-030-12786-2

  • eBook Packages: Computer Science, Computer Science (R0)
