Reconciling Systems-Theoretic and Component-Centric Methods for Safety and Security Co-analysis
As safety-critical systems increasingly rely on computing, communication, and control, a number of safety and security co-analysis methods have been put forth to identify, assess, and mitigate risks. However, there is an ideological gap between qualitative system-level methods that focus on control interactions and more traditional methods based on component failures and/or vulnerabilities. The growing complexity of cyber-physical and socio-technical systems, as well as their interactions with their environments, seems to demand a systems-theoretic perspective. Yet, at the same time, more complex threats and failure modes imply a greater need for risk-based analysis to understand and prioritize the large volume of information. In this work we identify promising aspects of two existing safety/security co-analysis methods and outline a vision for reconciling them in a new analysis method.
This work was supported in part by the National Research Foundation (NRF), Prime Minister’s Office, Singapore, under its National Cybersecurity R&D Programme (Award No. NRF2014NCR-NCR001-31) and administered by the National Cybersecurity R&D Directorate. It was also supported in part by the research grant for the Human-Centered Cyber-physical Systems Programme at the Advanced Digital Sciences Center from Singapore’s Agency for Science, Technology and Research (A*STAR).