
Limitation and Improvement of STPA-Sec for Safety and Security Co-analysis

Conference paper, Computer Safety, Reliability, and Security (SAFECOMP 2016)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 9923)

Abstract

Safety-critical Cyber-physical Systems (CPS) in vehicles are becoming increasingly complex and interconnected. There is a pressing need for holistic approaches to safety and security analysis to address these challenges. System-Theoretic Process Analysis (STPA) is a top-down safety hazard analysis method, based on systems theory and aimed especially at such systems. In contrast to established approaches, hazards are treated as a control problem rather than a reliability problem. STPA-Sec extends this approach to also include security analysis. However, when we applied STPA-Sec to a real-world use case for joint safety and security analysis, a Battery Management System for a hybrid vehicle, we observed several limitations of the security extension. We propose improvements to address these limitations for a combined safety and security analysis. Our improvements lead to a better identification of high-level security scenarios. We evaluate the feasibility of the improved co-analysis method in a self-optimizing battery management system. We also discuss the general applicability of STPA-Sec to high-level safety and security analysis and its relation to automotive cybersecurity standards.


Notes

  1. Depending on the phase in the charging cycle and the battery, there are limits to voltage and current which, when exceeded, may damage the battery.


Acknowledgement

This work is partially supported by EU ARTEMIS project AMASS (contract no. 692474) and Austrian Research Promotion Agency FFG on behalf of Austrian Federal Ministry of Transport, Innovation and Technology BMVIT.

Corresponding author

Correspondence to Christoph Schmittner.

Copyright information

© 2016 Springer International Publishing Switzerland

Cite this paper

Schmittner, C., Ma, Z., Puschner, P. (2016). Limitation and Improvement of STPA-Sec for Safety and Security Co-analysis. In: Skavhaug, A., Guiochet, J., Schoitsch, E., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2016. Lecture Notes in Computer Science, vol 9923. Springer, Cham. https://doi.org/10.1007/978-3-319-45480-1_16

  • DOI: https://doi.org/10.1007/978-3-319-45480-1_16

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-45479-5

  • Online ISBN: 978-3-319-45480-1