Page 314 - Software and Systems Requirements Engineering in Practice

276   Software & Systems Requirements Engineering: In Practice


“Seems like it is based on the assumption that this hypothetical user with no experience will somehow have access to a body of knowledge about the applications, users, and environment that they gloss over as ‘already known information’—just enter it into the tool, it’s that simple. Entering it into the tool is the easy part. Knowing what questions to ask, and where to go to get that information, is the hard part. OK, they probably have a template for the information gathering. In which case, you have a tool into which inexperienced people can enter information they don’t understand (and might have guessed at if it’s too hard to track down), in order to generate results they don’t understand.”—A security expert with over 20 years of experience.
This chapter describes two topics, hazard analysis (HA) and threat modeling (TM). Threat modeling is part of the broader subject of security analysis. Skill in these areas may occasionally be needed by the requirements analyst, but the topics are rarely described in basic RE texts. The role of the requirements analyst will most likely be that of integration and coordination. As hazard analysis and threat modeling are complex subjects, learned over time and performed by experts, this chapter focuses on their relationship to Model-Driven Requirements Engineering (MDRE) as well as on how to integrate their activities into traditional RE processes. For more information on HA or TM, we suggest you look at the references, or one of the many texts available on the subjects.


11.1  Hazard Analysis

Hazard analysis is performed whenever there is a potential risk to the health and safety of the user of a product. In many cases, the thoroughness and output of an analysis have to meet certain minimum standards that are domain and location specific. In the United States, for example, the Food and Drug Administration (FDA), the Federal Aviation Administration (FAA), and the U.S. Department of Transportation’s Federal Transit Administration (FTA) each have guidelines for performing hazard analyses.
Terms Used in Hazard Analysis

There are certain terms that are used in hazard analysis that are common across domains. Some of the more frequently used terms are defined here:¹

   •  Hazard: A condition, event, or circumstance that could lead to or contribute to an unplanned or undesired event.



¹ FAA Order 8040.4