
Formal Analysis Approach for Multi-layered System Safety and Security Co-engineering

Conference paper, in: Dependable Computing – EDCC 2022 Workshops (EDCC 2022)

Abstract

Critical domains (such as Cyber-Physical Systems, CPSs) have seen increased demand for considering both safety and security concerns during the early phases of the System Engineering (SE) process. In the design phase in particular, safety and security requirements should cascade down across the different system views, down to the architectural design. However, such an enrichment process is often complex and lacks guidance for precisely specifying the corresponding properties and for consistently breaking down high-level system specifications into an intricate architecture that can be rigorously analysed. To this end, we propose a formal approach that pursues joint analysis of safety and security objectives and can be specialized across different system views. In particular, the approach builds a multi-layered system representation, integrating mission, functional and component views, together with libraries of pre-defined safety and security properties that can be instantiated at each layer. We rely on meta-modeling and formal techniques for the specification, conceptual modeling, formal interpretation, and verification of the system with respect to the allocated properties. The overall approach is validated using Rodin as an instance of a formal-based tool for verifying the properties.


Notes

  1. Fundamental well-defined notions that are building blocks upon which high-level requirements can be decomposed and characterized.

  2. Distribution of POs (proof obligations): Variable initialization (32), System specification (48), Safety and security invariants (11).

Authors

Correspondence to Megha Quamara, Gabriel Pedroza or Brahim Hamid.


Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG


Cite this paper

Quamara, M., Pedroza, G., Hamid, B. (2022). Formal Analysis Approach for Multi-layered System Safety and Security Co-engineering. In: Marrone, S., et al. Dependable Computing – EDCC 2022 Workshops. EDCC 2022. Communications in Computer and Information Science, vol 1656. Springer, Cham. https://doi.org/10.1007/978-3-031-16245-9_2

  • DOI: https://doi.org/10.1007/978-3-031-16245-9_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-16244-2

  • Online ISBN: 978-3-031-16245-9