A Comparison of Two Approaches to Safety Analysis Based on Use Cases

  • Tor Stålhane
  • Guttorm Sindre
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4801)


Engineering has a long tradition in analyzing the safety of mechanical, electrical and electronic systems. Important methods like HazOp and FMEA have also been adopted by the software engineering community. The misuse case method, on the other hand, has been developed by the software community as an alternative to FMEA and preliminary HazOp for software development. To compare the two methods misuse case and FMEA we have run a small experiment involving 42 third year software engineering students. In the experiment, the students should identify and analyze failure modes from one of the use cases for a commercial electronic patient journals system. The results of the experiment show that on the average, the group that used misuse cases identified and analyzed more user related failure modes than the persons using FMEA. In addition, the persons who used the misuse cases scored better on perceived ease of use and intention to use.


Safety engineering FMEA misuse cases experiment 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Firesmith, D.G.: Engineering Safety Requirements, Safety Constraints, and Safety-Critical Requirements. Journal of Object Technology 3, 27–42 (2004)Google Scholar
  2. 2.
    McDermott, J., Fox, C.: Using Abuse Case Models for Security Requirements Analysis. In: Dignum, F.P.M., Greaves, M. (eds.) Issues in Agent Communication. LNCS, vol. 1916, Springer, Heidelberg (2000)Google Scholar
  3. 3.
    Lutz, R.R.: Software Engineering for Safety: A Roadmap. In: Finkelstein, A. (ed.) The Future of Software Engineering, pp. 213–226. ACM Press, New York (2000)Google Scholar
  4. 4.
    Jacobson, I., Christerson, M., Jonsson, P., Overgaard, G.: Object-Oriented Software Engineering: A Use Case Driven Approach. Addison-Wesley, Boston (1992)zbMATHGoogle Scholar
  5. 5.
    Poels, G., Burton-Jones, A., Gemino, A., Parsons, J., Ramesh, V.: Experimental Research on Conceptual Modeling: What Should We Be Doing and Why? In: Embley, D.W., Olivé, A., Ram, S. (eds.) ER 2006. LNCS, vol. 4215, pp. 544–547. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  6. 6.
    Allenby, K., Kelly, T.: Deriving Safety Requirements Using Scenarios. In: Nuseibeh, B., Easterbrook, S. (eds.) Fifth IEEE International Symposium on Requirements Engineering (RE’01), Toronto, Canada, pp. 228–235. IEEE Computer Society Press, Los Alamitos (2001)Google Scholar
  7. 7.
    Guidelines, S.A.E.: Methods for Conducting the Safety Assessment Process on Civil Airborne Systems and Equipment. Society of Automotive Engineers (1996)Google Scholar
  8. 8.
    Redmill, F., Chudleigh, M., Catmur, J.: System Safety: HAZOP and Software HAZOP. Wiley, Chichester, UK (1999)Google Scholar
  9. 9.
    Kim, H.-K., Chung, Y.-K.: Automatic Translation from Requirements Model into Use Cases Modeling on UML. In: Gervasi, O., Gavrilova, M., Kumar, V., Laganà, A., Lee, H.P., Mun, Y., Taniar, D., Tan, C.J.K. (eds.) ICCSA 2005. LNCS, vol. 3482, pp. 769–777. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  10. 10.
    Hause, M.: Use-cases to aid safe design. Electronics Systems and Software 2, 38–41 (2004)CrossRefGoogle Scholar
  11. 11.
    Pettit IV, R.G., Street, J.A.: Lessons Learned Applying UML in the Design of Mission-Critical Software. In: Nunes, N.J., Selic, B., Rodrigues da Silva, A., Toval Alvarez, A. (eds.) UML Modeling Languages and Applications. LNCS, vol. 3297, pp. 129–137. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  12. 12.
    Ebnenasir, A., Cheng, B.H.C., Konrad, S.: Use Case-Based Modeling and Analysis of Failsafe Fault-Tolerance. In: Glinz, M. (ed.) 14th IEEE International Requirements Engineering Conference (RE’06), St.Louis, USA, pp. 343–344. IEEE Computer Society Press, Los Alamitos (2006)CrossRefGoogle Scholar
  13. 13.
    Sindre, G., Opdahl, A.L.: Eliciting Security Requirements with Misuse Cases. Requirements Engineering 10, 34–44 (2005)CrossRefGoogle Scholar
  14. 14.
    Alexander, I.F.: Initial Industrial Experience of Misuse Cases in Trade-Off Analysis. In: Pohl, K. (ed.) 10th Anniversary IEEE Joint International Requirements Engineering Conference (RE’02), Essen, Germany, pp. 9–13. IEEE Computer Society Press, Los Alamitos (2002)Google Scholar
  15. 15.
    Alexander, I.F.: Misuse Cases, Use Cases with Hostile Intent. IEEE Software 20, 58–66 (2003)CrossRefGoogle Scholar
  16. 16.
    Gran, B.A., Fredriksen, R., Thunem, A.P.-J.: An Approach for Model-Based Risk Assessment. In: Heisel, M., Liggesmeyer, P., Wittmann, S. (eds.) SAFECOMP 2004. LNCS, vol. 3219, pp. 311–324. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  17. 17.
    Jürjens, J.: Developing Safety-Critical Systems with UML. In: Stevens, P., Whittle, J., Booch, G. (eds.) UML 2003. LNCS, vol. 2863, pp. 144–159. Springer, Heidelberg (2003)Google Scholar
  18. 18.
    Hungar, H.: UML-basierte Entwicklung sikkerheitskritische Systemen im Bahnbereich. Dagstuhl Workshop on Model-Based Development of Embedded Systems, Dagstuhl, Germany (January, 9-13), pp. 63-64. Tech Univ Braunschweig (2006)Google Scholar
  19. 19.
    Berkenkötter, K., Hannemann, U., Peleska, J., HYBRIS,: HYBRIS - Efficient Specification and Analysis of Hybrid Systems - Part III: RCSD - A UML 2.0 Profile for the Railway Control System Domain (Draft Version). Univ. Bremen, Germany (2006)Google Scholar
  20. 20.
    Tenzer, J.: Exploration games for safety-critical system design with UML 2.0. In: Fernandez, E.B., et al. (eds.): 3rd International Workshop on Critical Systems Development with UML, CSDUML’04, Lisbon, Portugal, 12 Oct, Technical Report I0415. pp. 41-55. Technische Universität München, (2004)Google Scholar
  21. 21.
    Stålhane, T., Pham, H.T.: Assessment and Analysis of Robustness for a Web-Based System. In: Isaias, P., et al. (eds.) IADIS International Conference on WWW/Internet, Murcia, Spain, 5-8 October, IADIS Press (2006)Google Scholar
  22. 22.
    Lauritzen, T., Stålhane, T.: Safety Methods in Software Process Improvement. In: Richardson, I., Abrahamsson, P., Messnarz, R. (eds.) Software Process Improvement. LNCS, vol. 3792, pp. 95–105. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  23. 23.
    Fernandez-Medina, E., Trujillo, J., Villaroel, R., Piattini, M.: Extending UML for Designing Secure Data Warehouses. In: Atzeni, P., Chu, W., Lu, H., Zhou, S., Ling, T.-W. (eds.) ER 2004. LNCS, vol. 3288, Springer, Heidelberg (2004)Google Scholar
  24. 24.
    Rodriguez, A., Fernandez-Medina, E., Piattini, M.: Capturing Security Requirements in Business Processes through a UML 2. In: Roddick, J.F., Benjamins, V.R., Si-Saïd Cherfi, S., Chiang, R., Claramunt, C., Elmasri, R., Grandi, F., Han, H., Hepp, M., Lytras, M., Mišić, V.B., Poels, G., Song, I.-Y., Trujillo, J., Vangenot, C. (eds.) ER 2006. LNCS, vol. 4231, Springer, Heidelberg (2006)Google Scholar
  25. 25.
    Lodderstedt, T., Basin, D., Doser, J.: SecureUML: A UML-Based Modeling Language for Model-Driven Security. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 426–441. Springer, Heidelberg (2002)Google Scholar
  26. 26.
    Jürjens, J.: Sound methods and effective tools for model-based security engineering with UML. In: Inverardi, P., Jazayeri, M. (eds.) ICSE 2005. LNCS, vol. 4309, pp. 322–331. Springer, Heidelberg (2006)Google Scholar
  27. 27.
    Sindre, G.: Mal-activity diagrams to capture attacks on business processes. In: Sawyer, P., Paech, B., Heymans, P. (eds.) REFSQ 2007, Trondheim, Norway, 11-12 June. LNCS, vol. 4542, pp. 355–366. Springer, Heidelberg (2007)Google Scholar
  28. 28.
    Sindre, G., Opdahl, A.L.: Capturing Dependability Threats in Conceptual Modelling. In: Krogstie, J., et al. (eds.) Conceptual Modelling in Information Systems Engineering, pp. 247–260. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  29. 29.
    Diallo, M.H., Romero-Mariona, J., Sim, S.E., Richardson, D.J.: A Comparative Evaluation of Three Approaches to Specifying Security Requirements. REFSQ’06, Luxembourg (2006)Google Scholar
  30. 30.
    Sindre, G.: A look at misuse cases for safety concerns. In: Henderson-Sellers, B., et al. (eds.) IFIP WG8.1 Working Conference on Situational Method Engineering: Fundamentals and Experiences (ME’07), Geneva, Switzerland. IFIP Series, Springer, Heidelberg (2007)Google Scholar
  31. 31.
    Stamatis, D.H.: Failure Mode and Effect Analysis: FMEA from theory to execution. American Society for Quality (ASQ), Milwaukee, Wisconsin (1995)Google Scholar
  32. 32.
    Davis, F.D., Bagozzi, R.P., Warshaw, P.R.: User Acceptance of Computer Technology: A Comparison of Two Theoretical Models. Management Science 35, 982–1003 (1989)CrossRefGoogle Scholar
  33. 33.
    Tukey, J.W.: Data analysis and behavioral science or learning to bear the quantitative’s man burden by shunning badmandments. In: Jones, L.W. (ed.) The Collected Works of John W. Tukey, Wadsworth, Monterey, CA. Tukey, vol. III, pp. 187–389 (1986)Google Scholar
  34. 34.
    Hopkins, W.G.: A New View of Statistics. University of Queensland, Australia, Brisbane (2001)Google Scholar
  35. 35.
    Wohlin, C., Runeson, P., Höst, M., Ohlsson, M.C., Regnell, B., Wesslén, A.: Experimentation in Software Engineering: An Introduction. Kluwer Academic, Norwell, MA, USA (2000)CrossRefzbMATHGoogle Scholar
  36. 36.
    Runeson, P.: Using Students as Experiment Subjects – An Analysis on Graduate and Freshmen Student Data. In: Linkman, S. (ed.) 7th International Conference on Empirical Assessment & Evaluation in Software Engineering (EASE’03), pp. 95–102. Keele University, Staffordshire, UK (2003)Google Scholar
  37. 37.
    Arisholm, E., Sjøberg, D.I.K.: Evaluating the Effect of a Delegated versus Centralized Control Style on the Maintainability of Object-oriented Software. IEEE Transactions on Software Engineering 30, 521–534 (2004)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Tor Stålhane
    • 1
  • Guttorm Sindre
    • 1
  1. 1.Dept. of Computer and Info. Science, Norwegian Univ. of Sci. and Tech (NTNU)Norway

Personalised recommendations