Safety and Security Interactions Modeling Using the BDMP Formalism: Case Study of a Pipeline

  • Siwar Kriaa
  • Marc Bouissou
  • Frederic Colin
  • Yoran Halgand
  • Ludovic Pietre-Cambacedes
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8666)


The digitalization of industrial control systems (ICS) raises several security threats that can endanger the safety of the critical infrastructures supervised by such systems. This paper presents an analysis method that enables the identification and ranking of risks leading to a safety issue, regardless of the origin of those risks: accidental or due to malevolence. This method relies on a modeling formalism called BDMP (Boolean logic Driven Markov Processes) that was initially created for safety studies, and then adapted to security. The use of the method is first illustrated on a simple case to show how it can be used to make decisions in a situation where security requirements are in conflict with safety requirements. Then it is applied to a realistic industrial system: a pipeline and its instrumentation and control system in order to highlight possible interactions between safety and security.


Safety security interdependencies modeling industrial control systems 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bieber, P., Blanquart, J.P., Descargues, G., Dulucq, M., Fourastier, Y., Hazane, E., Julien, M., Leonardon, L., Sarouille, G.: Security and safety assurance for aerospace embedded systems. In: Proceedings of the 6th International Conference on Embedded Real Time Software and Systems, Toulouse, France, pp. 1–10 (2012)Google Scholar
  2. 2.
    Bouissou, M., Bon, J.-L.: A new formalism that combines advantages of fault-trees and markov models: Boolean logic driven markov processes. Reliability Engineering & System Safety 82(2), 149–163 (2003)CrossRefGoogle Scholar
  3. 3.
    Chiaradonna, S., Di Giandomenico, F., Lollini, P.: Case study on critical infrastructures: Assessment of electric power systems. In: Wolter, K., Avritzer, A., Vieira, M., van Moorsel, A. (eds.) Resilience Assessment and Evaluation of Computing Systems, pp. 365–390. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  4. 4.
    Eames, D.P., Moffett, J.D.: The integration of safety and security requirements. In: Felici, M., Kanoun, K., Pasquini, A. (eds.) SAFECOMP 1999. LNCS, vol. 1698, pp. 468–480. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  5. 5.
    Hunter, B.: Integrating safety and security into the system lifecycle. In: Improving Systems and Software Engineering Conference (ISSEC), Canberr, Australia, p. 147 (August 2009)Google Scholar
  6. 6.
    Kornecki, A., Subramanian, N., Zalewski, J.: Studying interrelationships of safety and security for software assurance in cyber-physical systems: Approach based on bayesian belief networks. In: 2013 Federated Conference on Computer Science and Information Systems (FedCSIS), pp. 1393–1399 (2013)Google Scholar
  7. 7.
    Koscher, K., Czeskis, A., Roesner, F., Patel, S., Kohno, T., Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., Savage, S.: Experimental security analysis of a modern automobile. In: 2010 IEEE Symposium on Security and Privacy (SP), pp. 447–462 (2010)Google Scholar
  8. 8.
    Kriaa, S., Bouissou, M., Pietre-Cambacedes, L.: Modeling the stuxnet attack with BDMP: towards more formal risk assessments. In: 2012 7th International Conference on Risk and Security of Internet and Systems (CRiSIS), pp. 1–8 (2012)Google Scholar
  9. 9.
    Nai Fovino, I., Masera, M., De Cian, A.: Integrating cyber attacks within fault trees. Reliability Engineering & System Safety 94(9), 1394–1402 (2009)CrossRefGoogle Scholar
  10. 10.
    Novak, T., Gerstinger, A.: Safety- and security-critical services in building automation and control systems. IEEE Transactions on Industrial Electronics 57(11), 3614–3621 (2010)CrossRefGoogle Scholar
  11. 11.
    Pietre-Cambacedes, L., Bouissou, M.: Beyond attack trees: Dynamic security modeling with boolean logic driven markov processes (BDMP). In: Dependable Computing Conference (EDCC), 2010 European, pp. 199–208 (2010)Google Scholar
  12. 12.
    Pietre-Cambacedes, L., Bouissou, M.: Modeling safety and security interdependencies with BDMP (boolean logic driven markov processes). In: IEEE International Conference on Systems Man and Cybernetics (SMC), pp. 2852–2861 (2010)Google Scholar
  13. 13.
    Pietre-Cambacedes, L., Bouissou, M.: Cross-fertilization between safety and security engineering. Reliability Engineering & System Safety 110, 110–126 (2013)CrossRefGoogle Scholar
  14. 14.
    Pietre-Cambacedes, L., Deflesselle, Y., Bouissou, M.: Security modeling with BDMP: from theory to implementation. In: 2011 Conference on Network and Information Systems Security (SAR-SSI), pp. 1–8 (2011)Google Scholar
  15. 15.
    Pietre-Cambacedes, L., Bouissou, M.: Attack and defense dynamic modeling with BDMP (extended version). Tech. rep., Technical Report, Telecom ParisTech (2010)Google Scholar
  16. 16.
    Pietre-Cambacedes, L., Chaudet, C.: The SEMA referential framework: Avoiding ambiguities in the terms “security” and “safety”. International Journal of Critical Infrastructure Protection 3(2), 55–66 (2010)CrossRefGoogle Scholar
  17. 17.
    Smith, J., Russell, S., Looi, M.: Security as a safety issue in rail communications. In: Proceedings of the 8th Australian Workshop on Safety Critical Systems and Software, SCS 2003, vol. 33, pp. 79–88. Australian Computer Society, Inc., Australia (2003)Google Scholar
  18. 18.
    Steiner, M., Liggesmeyer, P.: Combination of safety and security analysis-finding security problems that threaten the safety of a system. In: Proceedings of Workshop DECS (ERCIM/EWICS Workshop on Dependable Embedded and Cyber-physical Systems) of the 32nd International Conference on Computer Safety, Reliability and Security (2013)Google Scholar
  19. 19.
    Sun, M., Mohan, S., Sha, L., Gunter, C.: Addressing safety and security contradictions in cyber-physical systems. In: 1st Workshop on Future Directions in Cyber-Physical Systems Security (CPSS 2009), Newark, United States (2009)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Siwar Kriaa
    • 1
    • 2
  • Marc Bouissou
    • 1
    • 2
  • Frederic Colin
    • 1
  • Yoran Halgand
    • 1
  • Ludovic Pietre-Cambacedes
    • 1
  1. 1.Electricité de France (EDF) R&DFrance
  2. 2.Ecole Centrale ParisFrance

Personalised recommendations