Software and Systems Requirements Engineering in Practice
Chapter 11: Hazard Analysis and Threat Modeling                                   281
Example Quality Assurance Script for Hazard Analysis Reviews

A quality assurance script to ensure compliance with regulatory
requirements might read as follows:

   Loop for each requirement in the database
      Does the requirement have a hazard associated with it?
      If the requirement has a hazard associated with it, is the risk
      severe enough to warrant mitigation? If the risk is severe enough
      to warrant mitigation, then does the requirement trace to
      complementary mitigating requirements? If not, then add the
      requirement that appears not to have been mitigated to a
      published list of requirements requiring further investigation.
   Loop End
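The script above, written out as an added example (not the book's own code) over a small constructed requirements database carrying the Figure 11.3 attributes; the 1-5 severity scale, the threshold of 3, and the extra requirements REQ105.2 and REQ107.1 are assumptions, and the example also flags a trace whose target requirement is missing from the database, a check the script does not spell out.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Requirement:
    req_id: str
    text: str
    hazard: Optional[str] = None          # hazard associated with this requirement, if any
    risk_severity: int = 0                # constructed 1-5 severity scale (assumption)
    mitigating_reqs: list = field(default_factory=list)   # "Mitigating Requirement" traces
    is_mitigating: bool = False           # "Is a Mitigating Requirement"
    mitigates: Optional[str] = None       # "Mitigates" trace back to the hazard requirement

MITIGATION_THRESHOLD = 3   # assumed: severity >= 3 warrants mitigation

def qa_hazard_review(db, threshold=MITIGATION_THRESHOLD):
    """Return the published list of (req_id, reason) pairs needing further
    investigation, following the loop in the QA script."""
    by_id = {r.req_id: r for r in db}
    published = []
    for req in db:                                   # Loop for each requirement
        if req.hazard is None:                       # hazard associated with it?
            continue
        if req.risk_severity < threshold:            # severe enough to warrant mitigation?
            continue
        # Does it trace to complementary mitigating requirements? A trace only
        # counts if the target exists, is marked mitigating, and traces back.
        valid = [m for m in req.mitigating_reqs
                 if m in by_id and by_id[m].is_mitigating and by_id[m].mitigates == req.req_id]
        dangling = [m for m in req.mitigating_reqs if m not in by_id]
        if not valid:
            published.append((req.req_id, "hazard not mitigated"))
        elif dangling:
            published.append((req.req_id, "trace to missing requirement(s): " + ", ".join(dangling)))
    return published

# Constructed sample database: the REQ103.7 / REQ101.5 rows of Figure 11.3 plus
# two invented requirements (REQ105.2, REQ107.1) that exercise the other branches.
SAMPLE_DB = [
    Requirement("REQ103.7", "Door closes on Engineer signal",
                hazard="Door closes on passenger", risk_severity=4,
                mitigating_reqs=["REQ101.5", "REQ103.7.1"]),   # REQ103.7.1 absent from db
    Requirement("REQ101.5", "Door sensor to detect obstruction in door",
                is_mitigating=True, mitigates="REQ103.7"),
    Requirement("REQ105.2", "Doors unlock when train is stopped",
                hazard="Door opens while train in motion", risk_severity=5),  # no trace
    Requirement("REQ107.1", "Cab light dims at night",
                hazard="Minor glare", risk_severity=1),        # below threshold
]

if __name__ == "__main__":
    for req_id, reason in qa_hazard_review(SAMPLE_DB):
        print(f"{req_id}: {reason}")
```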


resulting in injury, and to prevent that from happening, requirements
are added to the database to ensure that sensors in the door detect
resistance and prevent closure on the passenger. The reflection process
is then completed by creating traces from the hazard requiring
mitigation to the mitigating requirement.

Hazard Analysis and MDRE

Extending a modeling tool to support hazard analysis helps support
performing visual inspections and conducting reviews. Furthermore,
any traces in the model are intrinsic to the relationships. An example
is shown in Figure 11.4 of an X-ray machine use case, along with
potential hazards and mitigating requirements. Note that the symbols
used to indicate hazards can be domain specific, e.g., radiation, toxic
material, biohazard, high voltage, and so on. The use of domain-
specific symbols helps to move the analysis effort from the analyst's
domain into the subject matter expert's or customer's domain,
enabling client and expert reviews (see Chapter 4).






Requirement           Hazard      Requires      Mitigating    Is a          Mitigates
                      Analysis    Mitigating    Requirement   Mitigating
                      Completed   Requirements                Requirement
REQ103.7              Yes         Yes           REQ101.5      No
Door closes on                                  REQ103.7.1
Engineer signal                                 REQ103.10.3
REQ101.5              Yes         No                          Yes           REQ103.7
Door sensor to                                                              Door Close
detect obstruction                                                          Hazard
in door                                                                     Analysis

FIGURE 11.3  Database attributes supporting hazard analysis