
2019 | Original Paper | Book chapter

Safety Architecture Pattern System with Security Aspects

Authors: Christopher Preschern, Nermin Kajtazovic, Christian Kreiner

Published in: Transactions on Pattern Languages of Programming IV

Publisher: Springer International Publishing


Abstract

This article builds a structured pattern system from safety patterns found in the literature and presents these patterns. Each pattern is analyzed with respect to its basic safety-related design decisions (safety tactics), and the relationships between the patterns are derived structurally from these tactics. To cover security aspects, a STRIDE analysis is used to list the threats relevant to each pattern. Both the threats and the safety tactics are represented in Goal Structuring Notation (GSN) diagrams that form part of each pattern, so that safety and security can be reasoned about together.

Appendices (accessible only with authorization)
Footnotes
1. A "pattern system" is similar to a "pattern language", but unlike a pattern language it does not claim to be complete (Buschmann et al. 1996). Precise definitions of the differences between pattern collections, pattern systems and pattern languages can be found in Schumacher (2003).

2. The 2oo4 architecture is a special case of the M-out-of-N Pattern, which is explained in Appendix A.

3. A list of all safety tactics is given in Appendix B.

4. Strictly speaking, the threat is attached below the "Switch works properly" GSN goal. That goal is introduced only to make the GSN diagram easier to read; it does not change the semantics of the diagram.
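The following voter is an added illustration of the M-out-of-N (MooN) voting pattern that footnote 2 names; it is example code written for this page, not code from the chapter or its Appendix A. It follows the IEC 61508 reading of MooN (the safety function is performed when at least M of the N redundant channels demand it) and goes one step beyond the footnote by computing, for any M and N, how many channel failures and how many spoofed channels a configuration absorbs. All channel states below are constructed for the demonstration.

```python
"""M-out-of-N voter (added example; not the chapter's code).

Models the IEC 61508 MooN architecture: N redundant channels each raise a
boolean "demand" for the safety function (e.g. a shutdown), and the function
is performed when at least M channels demand it.  2oo4 is MooN with M=2, N=4.
"""
from dataclasses import dataclass
from itertools import combinations
from typing import Sequence


@dataclass(frozen=True)
class VoteResult:
    trip: bool          # True -> the safety function is performed
    demanding: int      # number of channels that demanded the trip
    required: int       # M, the quorum


def moon_vote(demands: Sequence[bool], m: int, n: int) -> VoteResult:
    """Vote M-out-of-N over boolean channel demands."""
    if len(demands) != n:
        raise ValueError(f"expected {n} channel states, got {len(demands)}")
    if not 1 <= m <= n:
        raise ValueError("M must satisfy 1 <= M <= N")
    demanding = sum(1 for d in demands if d)
    return VoteResult(trip=demanding >= m, demanding=demanding, required=m)


def two_oo_four(demands: Sequence[bool]) -> VoteResult:
    """The 2oo4 architecture of footnote 2 is MooN with M=2 and N=4."""
    return moon_vote(demands, 2, 4)


def tolerated_failures(m: int, n: int) -> dict:
    """Single-channel faults a MooN configuration absorbs.

    * dangerous (fail-to-demand) failures: a genuine demand still trips as
      long as N - failed >= M, i.e. up to N - M failed channels.
    * spurious or spoofed demands (a channel forced to "trip" by a fault or,
      in STRIDE terms, by spoofing/tampering of its input): no false trip as
      long as forced < M, i.e. up to M - 1 forced channels.
    """
    return {"dangerous": n - m, "spurious_or_spoofed": m - 1}


def spoof_threshold(m: int, n: int) -> int:
    """Smallest number of channels an attacker must control to force a
    false trip, confirmed by exhaustive search over channel subsets rather
    than taken from the formula above."""
    for k in range(0, n + 1):
        for controlled in combinations(range(n), k):
            demands = [i in controlled for i in range(n)]
            if moon_vote(demands, m, n).trip:
                return k
    return n + 1  # unreachable for 1 <= M <= N


if __name__ == "__main__":
    # Constructed scenarios for the 2oo4 architecture.
    genuine = [True, True, False, False]   # two channels failed dangerous, two demand
    spoofed = [True, False, False, False]  # one channel's input tampered with
    print("2oo4, two dangerous failures:", two_oo_four(genuine))
    print("2oo4, one spoofed channel:  ", two_oo_four(spoofed))
    for m, n in ((1, 2), (2, 3), (2, 4)):
        print(f"{m}oo{n}: tolerates {tolerated_failures(m, n)}, "
              f"attacker needs {spoof_threshold(m, n)} channel(s)")
```

The two numbers printed per configuration show the trade-off the pattern embodies: raising M makes a false trip harder to force (an attacker who tampers with a single channel's input cannot trip a 2oo4 system) but lowers the number of dangerous channel failures the system survives; 1oo2 is the mirror image. The chapter attaches such threats to the pattern's GSN goals; this example only makes the quantitative side of that argument concrete.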
 
References
Antonino, P.O., Keuler, T., Antonino, P.: Towards an approach to represent safety patterns. In: The Seventh International Conference on Software Engineering Advances (ICSEA), pp. 228–237 (2012)
Armoush, A.: Design patterns for safety-critical embedded systems. Ph.D. thesis. RWTH Aachen University (2010)
Avizienis, A., et al.: Basic concepts and taxonomy of dependable and secure computing. IEEE Trans. Dependable Secure Comput. 1, 1 (2004)
Babar, M.A.: Improving the reuse of pattern-based knowledge in software architecting. In: EuroPLoP, Lero, Ireland, pp. 7–11 (2007)
Bachmann, F., Bass, L., Klein, M.: Deriving architectural tactics: a step toward methodical architectural design. Technical report, March, Carnegie Mellon Software Engineering Institute (2003)
Buckley, I., Fernandez, E.B., Larrondo-Petrie, M.M.: Patterns combining reliability and security. In: The Third International Conferences on Pervasive Patterns and Applications, PATTERNS 2011 (2011)
Buschmann, F., et al.: Pattern-Oriented Software Architecture: A System of Patterns. Wiley, Hoboken (1996)
Cockram, T.J., Lautieri, S.R.: Combining security and safety principle in practice. In: 2nd Institution of Engineering and Technology International Conference on System Safety, pp. 159–164. IEEE (2007)
Committee on National Security Systems: National Information Assurance Glossary. CNSS Instruction No. 4009 (2010)
Daniels, F., Kim, K., Vouk, M.A.: The reliable hybrid pattern: a generalized software fault tolerant design pattern. In: European Conference on Pattern Language of Programs (EuroPLoP), pp. 1–9 (1997)
Dasarathy, B.: Cyber security definitions and academic landscape. In: NPSMA Workshop (2013)
Douglass, B.P.: Safety-critical systems design. Electron. Eng. 70, 862 (1998)
Douglass, B.P.: Real-Time Design Patterns: Robust Scalable Architecture for Real-Time Systems. Pearson, London (2002)
Douglass, B.P.: Design Patterns for Embedded Systems in C. Elsevier, Amsterdam (2010)
Douglass, B.P.: Software design architecture patterns for embedded systems. In: Software Engineering for Embedded Systems. Elsevier (2013)
Gawand, H., Mundada, R.S., Swaminathan, P.: Design patterns to implement safety and fault tolerance. Int. J. Comput. Appl. 18(2), 6–13 (2011)
Grunske, L.: Transformational patterns for the improvement of safety properties in architectural specification. In: Proceedings of The Second Nordic Conference on Pattern Languages of Programs (VikingPLoP) (2003)
Halkidis, S., Chatzigeorgiou, A., Stephanides, G.: A qualitative analysis of software security patterns. Comput. Secur. 25(5), 379–392 (2006a)
Halkidis, S.T., Chatzigeorgiou, A., Stephanides, G.: Quantitative evaluation of systems with security patterns using a fuzzy approach. In: Meersman, R., Tari, Z., Herrero, P. (eds.) OTM 2006. LNCS, vol. 4277, pp. 554–564. Springer, Heidelberg (2006b). https://doi.org/10.1007/11915034_79
Halkidis, S., Tsantalis, N., et al.: Architectural risk analysis of software systems based on security patterns. IEEE Trans. Dependable Secure Comput. 5(3), 129–142 (2008)
Hamid, B., Desnos, N., et al.: Model-based security and dependability patterns in RCES - the TERESA approach. In: Proceedings of the International Workshop on Security and Dependability for Resource Constrained Embedded Systems - S&D4RCES 2010. ACM Press (2010)
Hamid, B., Geisel, J., Ziani, A., Bruel, J.-M., Perez, J.: Model-driven engineering for trusted embedded systems based on security and dependability patterns. In: Khendek, F., Toeroe, M., Gherbi, A., Reed, R. (eds.) SDL 2013. LNCS, vol. 7916, pp. 72–90. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38911-5_5
Hanmer, R.S.: Patterns for Fault Tolerant Software. Wiley, Hoboken (2007)
Hansen, K.: Security attack analysis of safety systems. In: IEEE Conference on Emerging Technologies and Factory Automation, pp. 1–4, September 2009
Harrison, N.B., Avgeriou, P.: Incorporating fault tolerance tactics in software architecture patterns. In: Proceedings of the 2008 RISE/EFTS Joint International Workshop on Software Engineering for Resilient Systems - SERENE 2008. ACM Press (2008)
Howard, M., LeBlanc, D.: Writing Secure Code. Microsoft Press (2003)
Howard, M., Lipner, S.: The Security Development Lifecycle. Microsoft Press (2006)
International Electrotechnical Commission: IEC 61508, Functional Safety of Electrical/Electronic/Programmable Electronic Safety Related Systems (2010)
Johnson, C., Yepez, A.: Cyber security threats to safety-critical space-based infrastructures. In: Proceedings of the Fifth Conference of the International Association for the Advancement of Space Safety, no. 1 (2011a)
Johnson, C., Yepez, A.: Mapping the impact of security threats on safety-critical global navigation satellite systems. In: Proceedings of the 29th International Systems Safety Society, no. 1. International Systems Safety Society (2011b)
Kelly, T., Weaver, R.: The goal structuring notation, a safety argument notation. In: Proceedings of the Dependable Systems and Networks Conference (2004)
Kumar, K., Prabhakar, T.V.: Design decision topology model for pattern relationship analysis. In: 1st Asian Conference on Pattern Languages of Programs (AsianPLoP 2010) (2010a)
Kumar, K., Prabhakar, T.V.: Pattern-oriented knowledge model for architecture design. In: 17th Conference on Pattern Languages of Programs (PLoP) (2010b)
Leveson, N.G.: Engineering a Safer World. MIT Press, Cambridge (2012)
Nai-Fovino, I., Masera, M., De-Cian, A.: Integrating cyber attacks within fault trees. Reliab. Eng. Syst. Saf. 94(9), 1394–1402 (2009)
Olivera, A.R.: Taim: a safety pattern repository. B.Sc. thesis. Federal University of Rio Grande do Sul (2012)
Preschern, C., Kajtazovic, N., Kreiner, C.: Built-in security enhancements for the 1oo2 safety architecture. In: International Conference on Cyber Technology in Automation, Control, and Intelligent Systems (CYBER), pp. 103–108. IEEE (2012a)
Preschern, C., Kajtazovic, N., Kreiner, C.: Catalog of security tactics linked to common criteria requirements. In: 19th Conference on Pattern Languages of Programs (PLoP) (2012b)
Preschern, C., Kajtazovic, N., Kreiner, C.: Applying and evaluating architectural IEC 61508 safety patterns. In: 5th International Conference on Software Technology and Engineering (ICSTE) (2013a)
Preschern, C., Kajtazovic, N., Kreiner, C.: Building a safety architecture pattern system. In: 18th European Conference on Pattern Languages of Programs (EuroPLoP) (2013b)
Preschern, C., Kajtazovic, N., Kreiner, C.: Catalog of safety tactics in the light of the IEC 61508 safety lifecycle. In: VikingPLoP (2013c)
Preschern, C., Kajtazovic, N., Kreiner, C.: Security analysis of safety patterns. In: 20th Conference on Pattern Languages of Programs (PLoP) (2013d)
Pullum, L.: Software Fault Tolerance Techniques and Implementation. Artech House, Norwood (2001)
Rauhamäki, J., Kuikka, S.: Patterns for control system safety. In: 18th European Conference on Pattern Languages of Programs (VikingPLoP) (2013)
Rauhamäki, J., Vepsäläinen, T., Kuikka, S.: Architectural patterns for functional safety. In: Nordic Conference on Pattern Languages of Programs (VikingPLoP) (2012)
Rauhamäki, J., Vepsäläinen, T., Kuikka, S.: Patterns for safety and control system cooperation. In: Nordic Conference on Pattern Languages of Programs (VikingPLoP) (2013)
Ryoo, J., Laplante, P., Kazman, R.: A methodology for mining security tactics from security patterns. In: 2010 43rd Hawaii International Conference on System Sciences, pp. 1–5. IEEE (2010)
Saridakis, T.: A system of patterns for fault tolerance. In: EuroPLoP (2002)
Sarma, U.V.R., Rampelli, S., Premchand, P.: A catalog of architectural design patterns for safety-critical real-time systems. Int. J. Eng. Res. Appl. 3(1), 125–131 (2013)
Schaad, A., Borozdin, M.: TAM2: automated threat analysis. In: Proceedings of the 27th Annual ACM Symposium on Applied Computing, pp. 1103–1108. ACM (2012)
Schaad, A., Garaga, A.: Automating architectural security analysis. In: Proceedings of the 17th ACM Symposium on Access Control Models and Technologies, pp. 131–132. ACM (2012)
Ugljesa, E., Wacker, H.: Modeling security aspects in safety environment. In: 7th International Conference on Electrical and Electronics Engineering, pp. 46–50 (2011)
Wu, W.: Safety tactics for software architecture design. MA thesis. The University of York (2003)
Wu, W.: Architectural reasoning for safety-critical software applications. Ph.D. thesis. University of York (2007)
Yampolskiy, M., et al.: Systematic analysis of cyber-attacks on CPS - evaluating applicability of DFD-based approach. In: 5th International Symposium on Resilient Control Systems, pp. 55–62. IEEE, August 2012
Yautsiukhin, A., Scandariato, R.: Towards a quantitative assessment of security in software architectures. In: 13th Nordic Workshop on Secure IT Systems (NordSec) (2008)
Metadata
Title
Safety Architecture Pattern System with Security Aspects
Authors
Christopher Preschern
Nermin Kajtazovic
Christian Kreiner
Copyright year
2019
DOI
https://doi.org/10.1007/978-3-030-14291-9_2
