The model was successfully applied using health care information system gathered through the university of Kansas HISPC project. The authors were able to capture both security and safety requirements necessary for effective functioning of the system. In order to enhance the integration of the proposed model into risk analysis, the authors give both textual and detailed description of the model. The authors compare the proposed approach with other existing methods that identify and analyze safety and security requirements and discovered that it captures more security and safety threats.
TopIntroduction
Use case method is a research tool in Requirement Engineering (RE) field where the concept of use case is used to model functional requirements and misuse case is used to model non-functional requirements for a system. The use of use case is becoming popular for determining, communicating, specifying and documenting requirements (Constantine & Lockwood, 1999; Cockburn, 2001; Jacobson et al., 1992; Kulak & Guiney, 2000; Rumbaugh, 1994). Misuse case, the extension of use case by Sindre and Opdahl (2005), allows the concept of use case to be useful in eliciting non-functional requirements. Safety and security requirements are often developed independently of the rest of the requirements engineering activity and hence are not integrated into the mainstream of the requirements activities. As a result, safety and security requirements that are specific to the system and that provide for protection of essential services, features and assets are often neglected (Mead, 2007).
The ad hoc integration of safety and security mechanisms into a software system which has already been developed has a negative impact on the maintainability and security of the system (Eduardo, Jurjens, Trujillo, & Sushil, 2009)
With the ever increasing exploitation of networking technologies, it is now imperative that both safety and security will be taken into account during the early stage of system development life cycle (Harrison & Sujan, 2008).
In our initial work (Arogundade et al., in press) we have introduced vulnerable use case including inside abuser in order to address the issue of deliberate act for safety concerns. This paper refines this initial work by proposing an enhanced use-misuse case model for eliciting and analyzing safety and security requirements in a unified framework. The ideas in this paper have been applied to one realistic case study, the e-health care system. The e-health care information used in this paper is retrieved from Health Information Technology Resource Toolkit developed through the university of Kansas HISPC project (http://ehealth.kansashealthonline.org).