Qualitative and Quantitative Analysis of CFTs Taking Security Causes into Account

  • Max Steiner
  • Peter Liggesmeyer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9338)


Component fault trees (CFTs) that contain safety basic events as well as security basic events cannot be analyzed like ordinary CFTs. Safety basic events are rated with probabilities in the interval [0,1]; for security basic events, simpler ordinal scales such as {low, medium, high} make more sense. This paper describes an approach for handling a quantitative safety analysis with different rating schemes for safety and security basic events. This makes it possible to take security causes of safety failures into account and to rate their effect on system safety.
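As an added illustration (not code from the paper, whose actual rating scheme is not reproduced on this page): a small cut-set analysis of a CFT whose basic events use the two rating schemes named in the abstract, probabilities for safety basic events and an ordinal {low, medium, high} level for security basic events. The rule for combining security ratings within a cut set, the sample tree and all event names are assumptions.

```python
from dataclasses import dataclass
from itertools import product

SEC_LEVELS = ("low", "medium", "high")  # ordinal scale for security basic events
@dataclass(frozen=True)
class BE:
    """Basic event: a safety BE carries prob in [0, 1], a security BE an ordinal level."""
    name: str
    prob: float = None
    level: str = None

def cut_sets(node):
    """Minimal cut sets of a boolean fault tree; a gate is a ("AND"|"OR", inputs) tuple."""
    if isinstance(node, BE):
        return [frozenset([node])]
    kind, inputs = node
    child_sets = [cut_sets(c) for c in inputs]
    if kind == "OR":
        sets = [s for cs in child_sets for s in cs]
    else:  # AND: one cut set from every input, combined
        sets = [frozenset().union(*combo) for combo in product(*child_sets)]
    return [s for s in sets if not any(o < s for o in sets)]  # keep only minimal ones

def rate_cut_set(cs):
    """Product of the safety probabilities, and the weakest security rating in the set
    (assumed scheme, not the paper's: the attacker must achieve every step in the set)."""
    prob, sec = 1.0, None
    for be in cs:
        if be.level is None:
            prob *= be.prob
        else:
            sec = be.level if sec is None else min(sec, be.level, key=SEC_LEVELS.index)
    return prob, sec

def analyse(top):
    """Rare-event top probability over the safety-only cut sets, plus the cut sets that
    involve a security cause, ordered from the highest security rating down."""
    rated = [(cs, *rate_cut_set(cs)) for cs in cut_sets(top)]
    p_top = sum(p for _, p, sec in rated if sec is None)
    sec_driven = [(p, sec, sorted(be.name for be in cs)) for cs, p, sec in rated if sec]
    sec_driven.sort(key=lambda t: (-SEC_LEVELS.index(t[1]), -t[0]))
    return p_top, sec_driven

# Constructed sample tree for a hypothetical infusion pump "overdose" top event.
TOP = ("OR", (
    ("AND", (BE("flow_sensor_fail", prob=1e-4), BE("valve_stuck_open", prob=1e-3))),
    ("AND", (BE("remote_login_possible", level="high"), BE("setpoint_tampered", level="medium"))),
    ("AND", (BE("config_port_reachable", level="low"), BE("dose_limit_check_fail", prob=1e-2))),
))
```

The safety-only result stays a plain probability, while each cut set containing a security cause is reported with its ordinal rating so that it is neither dropped nor silently converted into a number.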


Keywords: Safety analysis, Security analysis, Quantitative combined analysis, Component fault trees, Attack trees, Security enhanced component fault trees



The research leading to these results has received funding from the ARTEMIS Joint Undertaking under grant agreement no. 621429 (project EMC²) and from the respective national funding authorities.



Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. Chair of Software Engineering: Dependability, University of Kaiserslautern, Kaiserslautern, Germany
