Capturing Dependability Threats in Conceptual Modelling

Conceptual Modelling in Information Systems Engineering

Abstract

To improve the focus on security and other dependability issues, it might be useful to include such concerns in the mainstream diagram notations used in information systems analysis. In particular, there have been proposals introducing inverted icons to depict functionality not wanted in the system (e.g., misuse cases) or actors with malicious intent (in i* diagrams), thus addressing security issues in such notations. But many other modelling notations are also used in early systems development, and the focus on dependability could be strengthened if these provided similar means to incorporate dependability issues. This paper looks at the possibilities for addressing dependability in information models and workflow models. To maintain visual consistency with the abovementioned proposals, it is suggested that inverted icons be applied here as well. In information models they can be used to represent misinformation, and in workflow models to represent malicious or fraudulent actions attacking the business process. In both cases, inversion of icons helps to distinguish clearly between what is wanted in the system and what must be avoided, thus enabling a visual representation of dependability concerns.

© 2007 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Sindre, G., Opdahl, A.L. (2007). Capturing Dependability Threats in Conceptual Modelling. In: Krogstie, J., Opdahl, A.L., Brinkkemper, S. (eds) Conceptual Modelling in Information Systems Engineering. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-72677-7_15

  • DOI: https://doi.org/10.1007/978-3-540-72677-7_15

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-72676-0

  • Online ISBN: 978-3-540-72677-7

  • eBook Packages: Computer Science, Computer Science (R0)
