Safety and Security Interference Analysis in the Design Stage

  • Conference paper
  • Published in: Computer Safety, Reliability, and Security. SAFECOMP 2020 Workshops (SAFECOMP 2020)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 12235)

Abstract

Safety and security engineering have traditionally been separate disciplines (with different required knowledge and skills, terminology, standards and life-cycles) operating in quasi-silos of knowledge and practice. However, the co-engineering of these two critical qualities of a system is being widely investigated, as it promises to remove redundant work and to detect trade-offs in the early stages of the product development life-cycle. In this work, we enrich an existing safety-security co-analysis method for the design stage by providing capabilities for interference analysis. Reports on interference analyses are crucial to trigger co-engineering meetings that lead to trade-off analyses and system refinements. We detail our automatic approach to this interference analysis, performed through fault trees generated from the safety and security local analyses. We evaluate and discuss our approach from the perspective of two industrial case studies in the space and medical domains.


Notes

  1. Safety Architect: https://www.riskoversee.com/en/safety-architect-en/.


Acknowledgments

The research leading to this paper has received funding from the AQUAS project (H2020-ECSEL grant agreement 737475). The ECSEL Joint Undertaking receives support from the European Union’s Horizon 2020 research and innovation programme. It is a collaboration between Spain, France, United Kingdom, Austria, Italy, Czech Republic and Germany.

Author information

Corresponding author

Correspondence to Jabier Martinez.


Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Martinez, J., Godot, J., Ruiz, A., Balbis, A., Ruiz Nolasco, R. (2020). Safety and Security Interference Analysis in the Design Stage. In: Casimiro, A., Ortmeier, F., Schoitsch, E., Bitsch, F., Ferreira, P. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2020 Workshops. SAFECOMP 2020. Lecture Notes in Computer Science, vol 12235. Springer, Cham. https://doi.org/10.1007/978-3-030-55583-2_4

  • DOI: https://doi.org/10.1007/978-3-030-55583-2_4
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-030-55582-5
  • Online ISBN: 978-3-030-55583-2
  • eBook Packages: Computer Science, Computer Science (R0)
