Top

Published in:

2020 | OriginalPaper | Chapter

Safety and Security Interference Analysis in the Design Stage

Authors : Jabier Martinez, Jean Godot, Alejandra Ruiz, Abel Balbis, Ricardo Ruiz Nolasco

Published in: Computer Safety, Reliability, and Security. SAFECOMP 2020 Workshops

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Safety and security engineering have been traditionally separated disciplines (e.g., different required knowledge and skills, terminology, standards and life-cycles) and operated in quasi-silos of knowledge and practices. However, the co-engineering of these two critical qualities of a system is being largely investigated as it promises the removal of redundant work and the detection of trade-offs in early stages of the product development life-cycle. In this work, we enrich an existing safety-security co-analysis method in the design stage providing capabilities for interference analysis. Reports on interference analyses are crucial to trigger co-engineering meetings leading to the trade-offs analyses and system refinements. We detail our automatic approach for this interference analysis, performed through fault trees generated from safety and security local analyses. We evaluate and discuss our approach from the perspective of two industrial case studies on the space and medical domains.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Collecting and Classifying Security and Privacy Design Patterns for Connected Vehicles: SECREDAS Approach

next chapter Formalising the Impact of Security Attacks on IoT Safety

Safety Architect: https://www.riskoversee.com/en/safety-architect-en/.

ISO/IEC 27005:2018 - Information security risk management

Abdulkhaleq, A., Wagner, S., Lammering, D., Boehmert, H., Blueher, P.: Using STPA in compliance with ISO 26262 for developing a safe architecture for fully automated vehicles. In: Automotive-Safety and Security 2017, Stuttgart (2017)

ANSSI: Expression of Needs and Identification of Security Objectives - EBIOS Security knowledge Base (2010). https://tinyurl.com/ebios2010

Apvrille, L., Li, L.W.: Harmonizing safety, security and performance requirements in embedded systems. In: DATE 2019, pp. 1631–1636. IEEE (2019)

AQUAS project: D3: Combined Safety, Security and Performance Analysis and Assessment Techniques (2019). https://aquas-project.eu/documents/

Avizienis, A., Laprie, J.C., Randell, B., Landwehr, C.: Basic concepts and taxonomy of dependable and secure computing. IEEE TDSC 1(1), 11–33 (2004)

Dutoit, A.H., McCall, R., Mistrik, I., Paech, B.: Rationale Management in Software Engineering. Springer, Heidelberg (2006). https://doi.org/10.1007/978-3-540-30998-7CrossRef

Falleri, J.R.: Automatic Refactoring and Alignment of Class Models (Contributions à l’IDM : reconstruction et alignement de modèles de classes). Ph.D. thesis (2009). http://www.theses.fr/2009MON20103 and https://github.com/jrfaller/galatea

Fenelon, P., McDermid, J.A., Nicolson, M., Pumfrey, D.J.: Towards integrated safety analysis and design. SIGAPP Appl. Comput. Rev. 2(1), 21–32 (1994)CrossRef

10.

Ganter, B., Wille, R., Franzke, C.: Formal Concept Analysis: Mathematical Foundations, 1st edn. Springer, Heidelberg (1997). https://doi.org/10.1007/978-3-642-59830-2CrossRef

11.

Gehlot, V., Nigro, C.: An introduction to systems modeling and simulation with colored petri nets. In: Winter Simulation Conference, pp. 104–118 (2010)

12.

ARC advisory group, Kaspersky, T.M.: The state of industrial cybersecurity (2019). https://ics.kaspersky.com/media/2019_Kaspersky_ARC_ICS_report.pdf

13.

Gruber, T., Schmittner, C., Matschnig, M., Fischer, B.: Co-engineering-in-the-loop. In: Gallina, B., Skavhaug, A., Schoitsch, E., Bitsch, F. (eds.) SAFECOMP 2018. LNCS, vol. 11094, pp. 151–163. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-99229-7_14CrossRef

14.

IEC 61025: Fault Tree Analysis, 2nd edn. (2006)

15.

Kaiser, B., et al.: Advances in component fault trees. In: ESREL (2018)

16.

Larrucea, X., Nanclares, F., Santamaria, I., Nolasco, R.R.: Approach for enabling security across PLC phases: an industrial use case. In: Larrucea, X., Santamaria, I., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2018. CCIS, vol. 896, pp. 354–367. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-97925-0_29CrossRef

17.

Lee, W.S., Grosh, D.L., Tillman, F.A., Lie, C.H.: Fault tree analysis, methods, and applications - a review. IEEE Trans. Reliab. R–34(3), 194–203 (1985)CrossRef

18.

Leveson, N.G.: Engineering a Safer World: Systems Thinking Applied to Safety. The MIT Press, Cambridge (2012)CrossRef

19.

Maaskant, R.: Interactive visualization of fault trees (2016). https://fmt.ewi.utwente.nl/media/169.pdf

20.

Macher, G., Sporer, H., Berlach, R., Armengaud, E., Kreiner, C.: Sahara: a security-aware hazard and risk analysis method. In: DATE (2015)

21.

Netkachova, K., Bloomfield, R.E.: Security-informed safety. IEEE Comput. 49(6), 98–102 (2016)CrossRef

22.

Open-PSA: Fault tree exchange format. https://open-psa.github.io

23.

Papadopoulos, Y., McDermid, J.A.: Hierarchically performed hazard origin and propagation studies. In: Felici, M., Kanoun, K. (eds.) SAFECOMP 1999. LNCS, vol. 1698, pp. 139–152. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48249-0_13CrossRef

24.

Paul, S., et al.: Recommendations for Security and Safety Co-engineering - Part A. MERGE project (2016)

25.

Pomante, L., et al.: The AQUAS ECSEL Project aggregated quality assurance for systems: co-engineering inside and across the product life cycle. Microprocess. Microsyst. 69, 54–67 (2019)CrossRef

26.

Ruijters, E., Stoelinga, M.: Fault tree analysis: a survey of the state-of-the-art in modeling, analysis and tools. Comput. Sci. Rev. 15, 29–62 (2015)MathSciNetCrossRef

27.

Ruiz, A., Puelles, J., Martinez, J., Gruber, T., Matschnig, M., Fischer, B.: Preliminary safety-security co-engineering process in the industrial automation sector. In: ERTS 2020, 10th European Congress on Embedded Real Time Systems (2020)

28.

Sango, M., Godot, J., Gonzalez, A., Nolasco, R.R.: Model-based system, safety and security co-engineering method and toolchain for medical devices design. In: 2019 Design of Medical Devices Conference (DMDC) (2019)

29.

Schmittner, C., Gruber, T., Puschner, P., Schoitsch, E.: Security application of failure mode and effect analysis (FMEA). In: Bondavalli, A., Di Giandomenico, F. (eds.) SAFECOMP 2014. LNCS, vol. 8666, pp. 310–325. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-10506-2_21CrossRef

30.

Schneier, B.: Attack trees. Dr. Dobb’s J. 24(12), 21–29 (1999)

31.

Shipman, F.M., McCall, R.J.: Integrating different perspectives on design rationale: supporting the emergence of design rationale from design communication. AI Eng. Des. Anal. Manuf. 11(2), 141–154 (1997)

32.

Steiner, M.: Integrating Security Concerns into Safety Analysis of Embedded Systems Using Component Fault Trees. Ph.D. thesis, TU Kaiserslautern (2016)

33.

The Consultative Committee for Space Data Systems: CCSDS Cryptographic Algorithms, December 2014

34.

Vacca, J.R.: Computer and Information Security Handbook, 3rd edn. Morgan Kaufmann Publishers Inc., Burlington (2017)

35.

Verma, S., Gruber, T., Schmittner, C., Puschner, P.: Combined approach for safety and security. In: Romanovsky, A., Troubitsyna, E., Gashi, I., Schoitsch, E., Bitsch, F. (eds.) SAFECOMP 2019. LNCS, vol. 11699, pp. 87–101. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26250-1_7CrossRef

36.

Yi, S., Wang, H., Ma, Y., Xie, F., Zhang, P., Di, L.: A safety-security assessment approach for communication-based train control (CBTC) systems based on the extended fault tree. In: ICCCN (2018)

Title: Safety and Security Interference Analysis in the Design Stage
Authors: Jabier Martinez
Jean Godot
Alejandra Ruiz
Abel Balbis
Ricardo Ruiz Nolasco
Publisher: Springer International Publishing
Book: Computer Safety, Reliability, and Security. SAFECOMP 2020 Workshops
Print ISBN: 978-3-030-55582-5

Electronic ISBN: 978-3-030-55583-2

Copyright Year: 2020
DOI: https://doi.org/10.1007/978-3-030-55583-2_4

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner