Entity

Time filter

Source Type

Washington, DC, United States

Hartong M.,U.S. Federal Railroad Administration | Goel R.,Howard University | Wijesekera D.,George Mason University
Innovations in Systems and Software Engineering | Year: 2014

Use cases and misuse cases, respectively, state the interactions that an actor can have and a mal-actor be prevented from having with a system. The cases do not specify either the security requirements or the associated attributes that a system must possess to operate in a secure manner. We present an algorithmic, domain-independent approach rooted in verb-noun analysis of use cases and misuse cases to generate system requirements and the associated security attributes. We illustrate the utility of this general five-step method using Positive train control (PTC) (a command and control system used to navigate trains in a railway grid) as a case study. This approach allows the designer to protect against the effect of wireless vulnerabilities on the safety of PTC systems. © 2013 Springer-Verlag London. Source

Discover hidden collaborations