Belli, FevziBudnik, Christof J.Nissanke, NimalBrinkschulte, UweBecker, JürgenFey, DietmarGroßpietsch, Karl-ErwinHochberger, ChristianMaehle, ErikRunkler, Thomas A.2019-10-302019-10-3020043-88579-370-9https://dl.gi.de/handle/20.500.12116/29367Man-machine systems have several desirable properties, as to user friendliness, reliability, safety, security or other global system attributes. The potential for the lack, or breaches, of any such property constitutes a system vulnerability, which can lead to a situation that is undesirable from user's point of view. This undesired situation could be triggered by special events in the form of intended, or unintended, attacks from the system's environment. We view the undesirable system features as the sum of the situations, which are, mathematically speaking, complementary to the desirable ones that must be taken into account from the very beginning of the system development to achieve a stable system behavior and a robust operation. This work is about the modeling, analysis and testing of both desirable and undesirable system features which can be viewed as relations between the system and its operation.enText/Conference Paper1617-5468