Date of Award

May 2019

Degree Type


Degree Name

Master of Science (MS)


Electrical Engineering and Computer Science


Shiu-Kai Chin


complete mediation, formal methods, mission assurance, patrol base operations, security analysis, STPA

Subject Categories



The complexity of today’s large, multi-component systems and missions presents a growing risk of failure because of emergent system-level properties. Furthermore, the interconnectivity of systems to other systems creates additional security problems. Yes- terday’s safety and security risk analysis methodologies are no longer effective. To manage this complexity, what is needed is a holistic, thorough, systematic, system-level, and for- mally verified approach to risk analysis to ensure stakeholder-required needs are met, asset losses are mitigated, and the system or mission operates with its intended function- ality. Furthermore, these system and mission risks need to be thoroughly documented to increase the visibility of risks so that decision makers have a solid foundation upon which to base risk-mitigating decisions. Finally, the results of the analysis and decisions need to be formally verified and documented for the purpose of auditing and accountability.

This thesis presents a solution to this problem, System-theoretic and Technical Opera- tional Risk Management (STORM). STORM is a methodology for designing trustworthy systems and missions that conform to industry standards of trustworthiness, namely the NIST SP 800-160 System Security Engineering Framework. It is also comformable to the Risk Management Framework (NIST SP 800-37).

Components of STORM have been successfully demonstrated on automated systems. But testing STORM on a non-automated, human-centered system has yet to be done. This paper demonstrates STORM analysis on the U.S. Army Ranger patrol base opera- tions, an example of such a system. Following the example, this thesis discusses STORM in light of conformance to NIST SP 800-160. It also discusses improvements to STORM that could extend it to a more comprehensive system and mission assurance methodology. This could be done by explicitly adding components of the risk management framework (RMF NIST SP 37 and 800-53) and upgrading its documentation requirements based on the Assurance Case (AC) Methodology [1]. These additions would strengthen STORM’s trustworthiness component.


Open Access

Included in

Engineering Commons



To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.