Towards an Integrated Model for Safety and Security Requirements of Cyber-Physical Systems

Brunner, Michael; Huber, Michael M.; Sauerwein, Clemens; Breu, Ruth

doi:10.1109/qrs-c.2017.63

Cited by 25 publications

(15 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It is inspired from a previously reported case and features hybrid disruptions involving both malicious attacks and accidental failures 78 . It is already used as a benchmark for mixed safety and security analysis 60,79 …”

Section: Performing Quantitative Reasoningmentioning

confidence: 99%

A goal‐driven approach for the joint deployment of safety and security standards for operators of essential services

Ponsard

Grandclaudon

Massonet

2021

J Software Evolu Process

View full text Add to dashboard Cite

Summary Designing safety‐critical software in domains ensuring essential services like transportation, energy, or health requires high assurance techniques and compliance with domain specific standards. As a result of the global interconnectivity and the evolution toward cyber‐physical systems, the increasing exposure to cyber threats calls for the adoption of cyber security standards and frameworks. Although safety and security have different cultures, both fields share similar concepts and tools and are worth being investigated together. This paper provides the background to understand emerging co‐engineering approaches. It advocates for the use of a model‐based approach to provide a sound risk‐oriented process and to capture rationales interconnecting top‐level standards/directives to concrete safety/security measures. We show the benefits of adopting goal‐oriented analysis that can be transposed later to domain‐specific frameworks. Both qualitative and quantitative reasoning aspects are analyzed and discussed, especially to support trade‐off analysis. Our work is driven by a representative case study in drinking water utility in the scope of the NIS regulation for operator of essential services.

show abstract

Section: Performing Quantitative Reasoningmentioning

confidence: 99%

A goal‐driven approach for the joint deployment of safety and security standards for operators of essential services

Ponsard

Grandclaudon

Massonet

2021

J Software Evolu Process

View full text Add to dashboard Cite

show abstract

“…There are a large number of standards and norms, which have to be fulfilled in a safetycritical environment. That's why (Brunner et al, 2017) developed an approach how to model, document and integrate safety and security requirements. This approach doesn't consider the timing concern, just safety and security.…”

Section: Safety-critical Concernsmentioning

confidence: 99%

Software Product Line Engineering for Safety-critical Systems

Lohmüller

Bauer

2019

Proceedings of the 7th International Conference on Model-Driven Engineering and Software Development

View full text Add to dashboard Cite

Nowadays, modern cars can be configured by means of a wide range of software configuration options. In this context, we speak about Software Product Lines (SPLs). In almost every modern automotive vehicle safetycritical components like, e.g., an Adaptive Cruise Control (ACC) are installed. Some SPLs have different safety-critical requirements whereas other SPLs have similar requirements. This paper proposes an approach for the reduction of the complexity of SPLs without loss of safety (aspects) for all participants. For this purpose, a concept has been developed, which clusters products of SPLs with similar safety-critical requirements, i.e., the set of products of an SPLs, which must still be tested, can be reduced immensely. The paper also provides an application example how the reduced set can be used in order to perform a Safety, Security and Timing (SST) based trade-off analysis.

show abstract

“…Davis et al [10] present a framework that extends the notion of dependability to include possible security violation for the power grid that utilizes state estimation and is evaluated in a simulated model of the power grid. More recently, Brunner et al [11] proposed a combined model for safety and security that is based on Unified Modeling Language (UML) diagrams. These models reside in a higher level of abstraction than our proposed model; they do not contain the structure of the system, do not consider evidence-based security assessment, assessment based on previous reported vulnerability data, and the evaluation targets certification of policy standards.…”

Section: State Of the Artmentioning

confidence: 99%

A model-based approach to security analysis for cyber-physical systems

Bakirtzis¹,

Carter²,

Elks

et al. 2018

2018 Annual IEEE International Systems Conference (SysCon)

View full text Add to dashboard Cite

Evaluating the security of cyber-physical systems throughout their life cycle is necessary to assure that they can be deployed and operated in safety-critical applications, such as infrastructure, military, and transportation. Most safety and security decisions that can have major effects on mitigation strategy options after deployment are made early in the system's life cycle. To allow for a vulnerability analysis before deployment, a sufficient well-formed model has to be constructed. To construct such a model we produce a taxonomy of attributes; that is, a generalized schema for system attributes. This schema captures the necessary specificity that characterizes a possible real system and can also map to the attack vector space associated with the model's attributes. In this way, we can match possible attack vectors and provide architectural mitigation at the design phase. We present a model of a flight control system encoded in the Systems Modeling Language, commonly known as SysML, but also show agnosticism with respect to the modeling language or tool used.

show abstract

Towards an Integrated Model for Safety and Security Requirements of Cyber-Physical Systems

Cited by 25 publications

References 10 publications

A goal‐driven approach for the joint deployment of safety and security standards for operators of essential services

A goal‐driven approach for the joint deployment of safety and security standards for operators of essential services

Software Product Line Engineering for Safety-critical Systems

A model-based approach to security analysis for cyber-physical systems

Contact Info

Product

Resources

About