
Reconciling Systems-Theoretic and Component-Centric Methods for Safety and Security Co-analysis

Conference paper
Computer Safety, Reliability, and Security (SAFECOMP 2017)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 10489)

Abstract

As safety-critical systems increasingly rely on computing, communication, and control, a number of safety and security co-analysis methods have been put forth to identify, assess, and mitigate risks. However, there is an ideological gap between qualitative system-level methods that focus on control interactions and more traditional methods based on component failure and/or vulnerability. The growing complexity of cyber-physical and socio-technical systems, as well as their interactions with their environments, seems to demand a systems-theoretic perspective. Yet, at the same time, more complex threats and failure modes imply a greater need for risk-based analysis to understand and prioritize the large volume of information. In this work we identify promising aspects from two existing safety/security co-analysis methods and outline a vision for reconciling them in a new analysis method.



Acknowledgements

This work was supported in part by the National Research Foundation (NRF), Prime Minister’s Office, Singapore, under its National Cybersecurity R&D Programme (Award No. NRF2014NCR-NCR001-31) and administered by the National Cybersecurity R&D Directorate. It was also supported in part by the research grant for the Human-Centered Cyber-physical Systems Programme at the Advanced Digital Sciences Center from Singapore’s Agency for Science, Technology and Research (A*STAR).


Corresponding author

Correspondence to William G. Temple.


© 2017 Springer International Publishing AG

About this paper

Cite this paper

Temple, W.G., Wu, Y., Chen, B., Kalbarczyk, Z. (2017). Reconciling Systems-Theoretic and Component-Centric Methods for Safety and Security Co-analysis. In: Tonetta, S., Schoitsch, E., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2017. Lecture Notes in Computer Science, vol 10489. Springer, Cham. https://doi.org/10.1007/978-3-319-66284-8_9


  • DOI: https://doi.org/10.1007/978-3-319-66284-8_9


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-66283-1

  • Online ISBN: 978-3-319-66284-8

  • eBook Packages: Computer Science (R0)
