nach oben

Erschienen in:

2019 | OriginalPaper | Buchkapitel

A Survey on the Applicability of Safety, Security and Privacy Standards in Developing Dependable Systems

verfasst von : Lijun Shan, Behrooz Sangchoolie, Peter Folkesson, Jonny Vinter, Erwin Schoitsch, Claire Loiseaux

Erschienen in: Computer Safety, Reliability, and Security

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Safety-critical systems are required to comply with safety standards. These systems are increasingly digitized and networked to an extent where they need to also comply with security and privacy standards. This paper aims to provide insights into how practitioners apply the standards on safety, security or privacy (Sa/Se/Pr), as well as how they employ Sa/Se/Pr analysis methodologies and software tools to meet such criteria. To this end, we conducted a questionnaire-based survey within the participants of an EU project SECREDAS and obtained 21 responses. The results of our survey indicate that safety standards are widely applied by product and service providers, driven by the requirements from clients or regulators/authorities. When it comes to security standards, practitioners face a wider range of standards while few target specific industrial sectors. Some standards linking safety and security engineering are not widely used at the moment, or practitioners are not aware of this feature. For privacy engineering, the availability and usage of standards, analysis methodologies and software tools are relatively weaker than for safety and security, reflecting the fact that privacy engineering is an emerging concern for practitioners.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Assuring Compliance with Protection Profiles with ThreatGet

Nächstes Kapitel Combined Approach for Safety and Security

The questionnaire could be found at:

http://www.internetoftrust.com/wp-content/uploads/2019/06/Secredas_Questionnaire_Standards_public.pdf.

IEC61508:2010 Functional safety of electrical/electronic/programmable electronic safety-related systems. Standard, International Electrotechnical Commission (IEC) (2010)

SECREDAS project. http://secredas.eu. Accessed 03 Apr 2019

SAE J3061-2016 Cybersecurity Guidebook for Cyber-Physical Vehicle Systems. Standard, Society of Automotive Engineers (SAE) (2016)

Henniger, O., Ruddle, A., Seudié, H., Weyl, B., Wolf, M., Wollinger, T.: Securing vehicular on-board IT systems: the EVITA project. In: VDI/VW Automotive Security Conference, p. 41 (2009)

ETSI TS 102 165-1 V5.2.3 (2017-10) CYBER; Methods and protocols; Part 1: Method and proforma for Threat, Vulnerability, Risk Analysis (TVRA). Standard, European Telecommunications Standards Institute (ETSI) (2017)

Alberts, C.J., Dorofee, A.: Managing Information Security Risks: The OCTAVE Approach. Addison-Wesley Longman Publishing Co., Inc., Boston (2002)

HEAling Vulnerabilities to ENhance Software Security and Safety (HEAVENS) project. https://research.chalmers.se/en/project/5809. Accessed 03 Apr 2019

ISO 25119:2018 Tractors and machinery for agriculture and forestry – Safety-related parts of control systems. Standard, International Organization for Standardization (ISO) (2018)

ISO/SAE CD 21434 Road Vehicles – Cybersecurity engineering. Standard, International Organization for Standardization (ISO), under development

10.

GlobalPlatform Specifications. https://globalplatform.org/specs-library/. Accessed 03 Apr 2019

11.

ETSI TS 101 733 V2.2.1 (2013-04) Electronic Signatures and Infrastructures (ESI); CMS Advanced Electronic Signatures (CAdES). Standard, European Telecommunications Standards Institute (ETSI) (2013)

12.

ETSI TS 101 903 V1.4.1 (2009-06) XML Advanced Electronic Sig- natures (XAdES). Standard, European Telecommunications Standards Institute (ETSI) (2009)

13.

IEC 62443:2018 Security for industrial automation and control systems. Standard, International Electrotechnical Commission (IEC) (2018)

14.

ETSI TS 102 204 V1.1.4 (2003-08) XML Advanced Mobile Commerce (M-COMM); Mobile Signature Service; Web Service Interface. Standard, European Telecommunications Standards Institute (ETSI) (2003)

15.

ISO/IEC 27000 family - Information security management systems. Standard, International Organization for Standardization (ISO) (2018)

16.

eIDAS: Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC. Regulation, The European Parliament and the Council of the European Union (2014)

17.

ISO/IEC 15408:2009 Information technology – Security techniques – Evaluation criteria for IT security. Standard, International Organization for Standardization (ISO) (2015)

18.

RFCs Internet cryptographic standards. Standard, Federal Information Processing Standards (FIPS)

19.

NIST Special Publication 800-series. Standard, National Institute of Standards and Technology (NIST) (2018)

20.

Trusted Information Security Assessment Exchange (TISAX). Standard, German Association of the Automotive Industry (VDA) (2017)

21.

ETSI TS 103 532 V1.1.1(2018-03) CYBER; Attribute Based Encryption for Attribute Based Access Control. Standard, European Telecommunications Standards Institute (ETSI) (2018)

22.

BSI IT-Grundschutz. Standard, German Federal Office for Information Security (BSI) (2015)

23.

GlobalPlatform Privacy Framework v1.0. Standard, GlobalPlatform (2017)

24.

ISO/IEC 29100:2011 Information technology – Security techniques – Privacy framework. Standard, International Organization for Standardization (ISO) (2011)

25.

ISO/IEC 19286:2018 Identification cards – Integrated circuit cards – Privacy-enhancing protocols and services. Standard, International Organization for Standardization (ISO) (2018)

26.

ISO/IEC PDTR 27550: Information technology – Security techniques – Privacy engineering. Standard, International Organization for Standardization (ISO), under development

27.

General Data Protection Regulation (GDPR): Regulation, European Parliament and Council of the European Union (2018)

28.

Standard Data Protection Model (SDP Model): Standard, German Federal and State Commissioners (2017)

29.

IEC TR 63069 ED1: Industrial-process measurement, control and automation - Framework for functional safety and security. Standard, International Electrotechnical Commission (IEC), under development

30.

ISO 26262:2018 Road vehicles – Functional safety. Standard, International Organization for Standardization (ISO) (2018)

31.

Draft Recommendation on Cyber Security of the Task Force on Cyber Security and Over-the-air issues of UNECE WP.29 GRVA. Standard, United Nations Economic Commission for Europe (UNECE) (2018)

32.

Stamatis, D.H.: Failure Mode and Effect Analysis: FMEA from Theory to Execution. ASQ Quality Press, Milwaukee (2003)

33.

Ericson, C.A.: Fault tree analysis. In: System Safety Conference, Orlando, Florida,vol. 1, pp. 1–9 (1999)

34.

Shostack, A.: Threat Modeling: Designing for Security. Wiley, Hoboken (2014)

35.

Common Criteria. https://www.commoncriteriaportal.org. Accessed 03 Apr 2019

Titel: A Survey on the Applicability of Safety, Security and Privacy Standards in Developing Dependable Systems
verfasst von: Lijun Shan
Behrooz Sangchoolie
Peter Folkesson
Jonny Vinter
Erwin Schoitsch
Claire Loiseaux
Verlag: Springer International Publishing
Buch: Computer Safety, Reliability, and Security
Print ISBN: 978-3-030-26249-5

Electronic ISBN: 978-3-030-26250-1

Copyright-Jahr: 2019
DOI: https://doi.org/10.1007/978-3-030-26250-1_6

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"