Towards Combined Safety and Security Constraints Analysis

  • Daniel Pereira
  • Celso Hirata
  • Rodrigo Pagliares
  • Simin Nadjm-Tehrani
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10489)


A growing threat to the cyber-security of embedded safety-critical systems calls for a new look at the development methods for such systems. One alternative for addressing security and safety concerns jointly is to model the system from a systems-theory perspective. Systems-Theoretic Process Analysis (STPA) is a new hazard analysis technique based on an accident causality model. NIST SP 800-30 is a well-known framework that has been widely employed to identify threat events and threat sources and vulnerabilities, to determine the effectiveness of security controls, and to evaluate the adverse impact of risks. Safety and security analyses, when performed independently, may generate conflicting design constraints that result in an inconsistent design. This paper reports a novel integrated approach for the safety analysis and security analysis of systems. In our approach, safety analysis is conducted with STPA while security analysis employs NIST SP 800-30. The approach builds on a specification of security and safety constraints and outlines a scheme to automatically analyze the constraints and detect both conflicts and pairwise reinforcements between them. Preliminary results show that the approach allows security and safety teams to perform a more efficient analysis.


Keywords: Safety analysis, Security analysis, STPA, NIST SP800-30



The work of the last author was supported by the national projects on aeronautics (NFFP6-00917) and the research centre on Resilient Information and Control Systems. The work of the second author was supported by the Conselho Nacional de Desenvolvimento Científico e Tecnológico under grant number Universal 01/2016 403921/2016-3.



Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Daniel Pereira (1)
  • Celso Hirata (1)
  • Rodrigo Pagliares (1, 2)
  • Simin Nadjm-Tehrani (3)

  1. Instituto Tecnológico de Aeronáutica, São José dos Campos, Brazil
  2. Universidade Federal de Alfenas (UNIFAL-MG), Alfenas, Brazil
  3. Linköping University, Linköping, Sweden
