A Unified Use-Misuse Case Model for Capturing and Analysing Safety and Security Requirements

2011 ◽  
Vol 5 (4) ◽  
pp. 8-30
Author(s):  
O. T. Arogundade ◽  
A. T. Akinwale ◽  
Z. Jin ◽  
X. G. Yang
Keyword(s):  
Early Stage ◽  
System Development ◽  
Security Requirements ◽  
Health Care Information ◽  
Safety Requirements ◽  
Misuse Case ◽  
Proposed Model ◽  
Development Life Cycle ◽  
Care Information ◽  
The University

This paper proposes an enhanced use-misuse case model that allows both safety and security requirements to be captured during requirements elicitation. The proposed model extends the concept of misuse case by incorporating vulnerable use case and abuse case notations and relations that allows understanding and modeling different attackers and abusers behaviors during early stage of system development life cycle and finishes with a practical consistent combined model for engineering safety and security requirements.The model was successfully applied using health care information system gathered through the university of Kansas HISPC project. The authors were able to capture both security and safety requirements necessary for effective functioning of the system. In order to enhance the integration of the proposed model into risk analysis, the authors give both textual and detailed description of the model. The authors compare the proposed approach with other existing methods that identify and analyze safety and security requirements and discovered that it captures more security and safety threats.

A Unified Use-Misuse Case Model for Capturing and Analysing Safety and Security Requirements

2013 ◽  
pp. 202-224
Author(s):  
O. T. Arogundade ◽  
A. T. Akinwale ◽  
Z. Jin ◽  
X. G. Yang
Keyword(s):  
Health Care ◽  
Information System ◽  
Risk Analysis ◽  
Security Requirements ◽  
University Of Kansas ◽  
Health Care Information ◽  
Safety Requirements ◽  
Proposed Model ◽  
Care Information ◽  
The University

The model was successfully applied using health care information system gathered through the university of Kansas HISPC project. The authors were able to capture both security and safety requirements necessary for effective functioning of the system. In order to enhance the integration of the proposed model into risk analysis, the authors give both textual and detailed description of the model. The authors compare the proposed approach with other existing methods that identify and analyze safety and security requirements and discovered that it captures more security and safety threats.

scholarly journals MBSEsec: Model-Based Systems Engineering Method for Creating Secure Systems

2020 ◽  
Vol 10 (7) ◽  
pp. 2574 ◽  
Author(s):  
Donatas Mažeika ◽  
Rimantas Butleris
Keyword(s):  
Systems Engineering ◽  
Impact Analysis ◽  
Early Stage ◽  
System Development ◽  
Security Analysis ◽  
Security Requirements ◽  
Security Risks ◽  
Secure Systems ◽  
Model Based ◽  
Analysis Process

This paper presents how Model-Based System Engineering (MBSE) could be leveraged in order to mitigate security risks at an early stage of system development. Primarily, MBSE was used to manage complex engineering projects in terms of system requirements, design, analysis, verification, and validation activities, leaving security aspects aside. However, previous research showed that security requirements and risks could be tackled in the MBSE model, and powerful MBSE tools such as simulation, change impact analysis, automated document generation, validation, and verification could be successfully reused in the multidisciplinary field. This article analyzes various security-related techniques and then clarifies how these techniques can be represented in the Systems Modeling Language (SysML) model and then further exploited with MBSE tools. The paper introduces the MBSEsec method, which gives guidelines for the security analysis process, the SysML/UML-based security profile, and recommendations on what security technique is needed at each security process phase. The MBSEsec method was verified by creating an application case study that reflects real-world problems and running an experiment where systems and security engineers evaluated the feasibility of our approach.

scholarly journals Empowering Self-Management through M-Health Applications

2018 ◽  
Vol 150 ◽  
pp. 05018
Author(s):  
Muhaini Othman ◽  
Norhafizah Mohd Halil ◽  
M. Mohd Yusof ◽  
R. Mohamed ◽  
Mohd Hafizul Afifi Abdullah
Keyword(s):  
System Development ◽  
Pilot Project ◽  
Medical Intervention ◽  
Self Management ◽  
Health Care Information ◽  
Java Language ◽  
New Frontier ◽  
Care Information ◽  
Health Applications ◽  
Oriented System

The advancement in mobile technology has led towards a new frontier of medical intervention that never been thought possible before. Through the development of MedsBox Reminder (MBR) application for Android as a pilot project of M-Health, health care information system for patient selfmanagement is made possible. The application acts as an assistant to remind users for their timely medicine intake by notifying them through their mobile phone. MedsBox Reminder application aims to facilitate in the self-management of patient's health where they can monitor and schedule their own medicine intake more efficiently. Development of the application is performed using Android Studio 1.4, Android SDK, MySQL database, SQLite, Java language and Netbeans IDE 8.1. Object-Oriented System Development (OOSD) methodology has been adapted to facilitate the development of the application.

scholarly journals ASSET RENTAL INFORMATION SYSTEM AND WEB-BASED FACILITIES AT ANDALAS UNIVERSITY

2019 ◽  
Vol 2 (2) ◽  
pp. 47-58
Author(s):  
Zainul Efendy ◽  
Ilham Eka Putra ◽  
Rangga Saputra
Keyword(s):  
Information System ◽  
Development Process ◽  
System Analysis ◽  
System Development ◽  
Planning System ◽  
Web Based ◽  
Development Life Cycle ◽  
The Status ◽  
Analysis System ◽  
The University

Andalas University is the oldest university outside Java Island, and is the fourth oldest university in Indonesia. The University of Andalas also has assets and facilities such as buildings, land, equipment, campus buses and official vehicles managed by the administration acnd general 2 fields under the leadership of the Vice Rector 2, the assets and facilities available at the university andalas are also leased to people who want to rent or use existing facilities. Payment transactions and report recaps are still done manually this makes managers in recording transaction data becomes difficult. The status of pay by the lessee is difficult to track if the leader requests the report results. Therefore we need an information system to manage rental transaction and facilities at university andalas, that is information system that can recap asset, tenant and payment data. The research method used is System Development Life Cycle (SDLC) research, in SDLC development process consisting of system planning, system analysis, system design, and system implementation. With this information system is expected both parties' transactions can be easily and mutually beneficial and the storage can also supervise transactions that exist wherever they are

scholarly journals A UML Profile for Security and Code Generation

2018 ◽  
Vol 8 (6) ◽  
pp. 5278
Author(s):  
Abdellatif Lasbahani ◽  
Mostafa Chhiba ◽  
Abdelmoumen Tabyaoui
Keyword(s):  
Code Generation ◽  
Early Stage ◽  
System Development ◽  
Unified Modeling Language ◽  
Data Encryption ◽  
Security Requirements ◽  
Uml Profile ◽  
Implementation Phase ◽  
Model Driven ◽  
Flow Monitoring

Recently, many research studies have suggested the integration of safety engineering at an early stage of modeling and system development using Model-Driven Architecture (MDA). This concept consists in deploying the UML (Unified Modeling Language) standard as aprincipal metamodel for the abstractions of different systems. To our knowledge, most of this work has focused on integrating security requirements after the implementation phase without taking them into account when designing systems. In this work, we focused our efforts on non-functional aspects such as the business logic layer, data flow monitoring, and high-quality service delivery. Practically, we have proposed a new UML profile for security integration and code generation for the Java platform. Therefore, the security properties will be described by a UML profile and the OCL language to verify the requirements of confidentiality, authorization, availability, data integrity, and data encryption. Finally, the source code such as the application security configuration, the method signatures and their bodies, the persistent entities and the security controllers generated from sequence diagram of system’s internal behavior after its extension with this profile and applying a set of transformations.

How Evacuees Obtained Health Care Information After the Great East Japan Earthquake: A Qualitative Interview Study

2017 ◽  
Vol 11 (6) ◽  
pp. 729-734
Author(s):  
Haruka Ota ◽  
Kikuko Miyazaki ◽  
Takeo Nakayama
Keyword(s):  
Health Care ◽  
Early Stage ◽  
Comparative Method ◽  
Great East Japan Earthquake ◽  
Health Care Information ◽  
Structured Interviews ◽  
Qualitative Interview Study ◽  
Constant Comparative Method ◽  
Care Information ◽  
Factors Of Influence

AbstractObjectiveTo explore how evacuees obtained health care information at their evacuation destinations after the Great East Japan Earthquake.MethodsWe conducted semi-structured interviews of 11 evacuees who moved to City A in Kyoto Prefecture following the Great East Japan Earthquake. The interviews explored how the evacuees obtained health care information, including the main factors of influence. The interviews were transcribed and analyzed to identify trends by using the constant comparative method.ResultsFour categories emerged from 6 concepts. Mother-children evacuees and family evacuees tended to obtain health care information in different ways. Family evacuees had moved as a family unit and had obtained their health care information from local neighbors. Mother-children evacuees were mothers who had moved with their children, leaving behind other family members. These evacuees tended to obtain information from other mother-children evacuees. At the time of evacuation, we found 2 factors, emotions and systems, influencing how mother-children evacuees obtained health care information.ConclusionsWe found 2 different ways of obtaining health care information among mother-children evacuees and other evacuees. At the time of evacuation, 2 factors, emotions and systems, influenced how mother-children evacuees obtained health care information. Community-building support should be a priority from an early stage after a disaster for health care management. (Disaster Med Public Health Preparedness. 2017;11:729–734)

Sign in / Sign up

Export Citation Format

Share Document