Safety and Security Co-engineering and Argumentation Framework

Martin, Helmut; Bramberger, Robert; Schmittner, Christoph; Ma, Zhenliang; Gruber, Thomas; Ruíz, Alejandra; Macher, Georg

doi:10.1007/978-3-319-66284-8_24

Cited by 6 publications

(16 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Twenty‐four studies 84–107 were discussing architecture analysis. Fourteen studies 77,108–120 were discussing how to make architectural design of systems both safe and secure through modeling and analysis.…”

Section: Mapping Study Resultsmentioning

confidence: 99%

Model‐driven engineering of safety and security software systems: A systematic mapping study and future research directions

Mashkoor

Egyed

Wille

et al. 2022

J Software Evolu Process

View full text Add to dashboard Cite

This article presents a systematic mapping study on the model-driven engineering of safety and security concerns in software systems. Combined modeling and development of both safety and security concerns is an emerging field of research as both concerns affect one another in unique ways. Our mapping study provides an overview of the current state of the art in this field. This study carefully selected 143 publications out of 27,259 relevant papers through a rigorous and systematic process. This study then proposes and answers questions such as frequently used methods and tools and development stages where these concerns are typically investigated in application domains. Additionally, we identify the community's preference for publication venues and trends. The discussion on obtained results also features the gained insights and future research directions.

show abstract

Section: Mapping Study Resultsmentioning

confidence: 99%

Model‐driven engineering of safety and security software systems: A systematic mapping study and future research directions

Mashkoor

Egyed

Wille

et al. 2022

J Software Evolu Process

View full text Add to dashboard Cite

show abstract

“…Actuator Sensor Furthermore, the STPA-Sec approach regards the security issue as one of the key threats affecting system safety (Wei & Madnick, 2018) and only supports the identification of safety-related security goals (Martin et al, 2017). Non-safety-related security issues like confidentiality may be overlooked.…”

Section: Control Actions Feedbackmentioning

confidence: 99%

Data-flow-based adaption of the System-Theoretic Process Analysis for Security (STPA-Sec)

Wagner

Luo

2021

PeerJ Computer Science

View full text Add to dashboard Cite

Security analysis is an essential activity in security engineering to identify potential system vulnerabilities and specify security requirements in the early design phases. Due to the increasing complexity of modern systems, traditional approaches lack the power to identify insecure incidents caused by complex interactions among physical systems, human and social entities. By contrast, the System-Theoretic Process Analysis for Security (STPA-Sec) approach views losses as resulting from interactions, focuses on controlling system vulnerabilities instead of external threats, and is applicable for complex socio-technical systems. However, the STPA-Sec pays less attention to the non-safety but information-security issues (e.g., data confidentiality) and lacks efficient guidance for identifying information security concepts. In this article, we propose a data-flow-based adaption of the STPA-Sec (named STPA-DFSec) to overcome the mentioned limitations and elicit security constraints systematically. We use the STPA-DFSec and STPA-Sec to analyze a vehicle digital key system and investigate the relationship and differences between both approaches, their applicability, and highlights. To conclude, the proposed approach can identify information-related problems more directly from the data processing aspect. As an adaption of the STPA-Sec, it can be used with other STPA-based approaches to co-design systems in multi-disciplines under the unified STPA framework.

show abstract

“…The first paradigm focuses on claims, evidences, and structured arguments which justify how the evidences can satisfy the claims. Techniques in this category include GSN patterns to overcome challenges on how to integrate and harmonize critical issues on safety in addition to security for their systems [17][18][19][20][21]. The second paradigm focuses on building an argument attached to AADL models.…”

Section: Related Workmentioning

confidence: 99%

VERDICT: A Language and Framework for Engineering Cyber Resilient and Safe System

Meng

Larraz

Siu

et al. 2021

Systems

View full text Add to dashboard Cite

The ever-increasing complexity of cyber-physical systems is driving the need for assurance of critical infrastructure and embedded systems. However, traditional methods to secure cyber-physical systems—e.g., using cyber best practices, adapting mechanisms from information technology systems, and penetration testing followed by patching—are becoming ineffective. This paper describes, in detail, Verification Evidence and Resilient Design In anticipation of Cybersecurity Threats (VERDICT), a language and framework to address cyber resiliency. When we use the term resiliency, we mean hardening a system such that it anticipates and withstands attacks. VERDICT analyzes a system in the face of cyber threats and recommends design improvements that can be applied early in the system engineering process. This is done in two steps: (1) Analyzing at the system architectural level, with respect to cyber and safety requirements and (2) by analyzing at the component behavioral level, with respect to a set of cyber-resiliency properties. The framework consists of three parts: (1) Model-Based Architectural Analysis and Synthesis (MBAAS); (2) Assurance Case Fragments Generation (ACFG); and (3) Cyber Resiliency Verifier (CRV). The VERDICT language is an Architecture Analysis and Design Language (AADL) annex for modeling the safety and security aspects of a system’s architecture. MBAAS performs probabilistic analyses, suggests defenses to mitigate attacks, and generates attack-defense trees and fault trees as evidence of resiliency and safety. It can also synthesize optimal defense solutions—with respect to implementation costs. In addition, ACFG assembles MBAAS evidence into goal structuring notation for certification purposes. CRV analyzes behavioral aspects of the system (i.e., the design model)—modeled using the Assume-Guarantee Reasoning Environment (AGREE) annex and checked against cyber resiliency properties using the Kind 2 model checker. When a property is proved or disproved, a minimal set of vital system components responsible for the proof/disproof are identified. CRV also provides rich and localized diagnostics so the user can quickly identify problems and fix the design model. This paper describes the VERDICT language and each part of the framework in detail and includes a case study to demonstrate the effectiveness of VERDICT—in this case, a delivery drone.

show abstract

Safety and Security Co-engineering and Argumentation Framework

Cited by 6 publications

References 10 publications

Model‐driven engineering of safety and security software systems: A systematic mapping study and future research directions

Model‐driven engineering of safety and security software systems: A systematic mapping study and future research directions

Data-flow-based adaption of the System-Theoretic Process Analysis for Security (STPA-Sec)

VERDICT: A Language and Framework for Engineering Cyber Resilient and Safe System

Contact Info

Product

Resources

About