{"title":"Safe and Secure: Mutually Supporting Safety and Security Analyses with Model-Based Suggestions","authors":"Bastian Kruck, Peter Munk, D. Angermeier","doi":"10.1109/ISSREW53611.2021.00061","DOIUrl":null,"url":null,"abstract":"Failures in cyber-physical systems, such as trains and cars, are caused either by faults or attacks. The former are addressed by safety engineering, the latter by security analysis. Both disciplines use separate terminology, processes, and tools. However, both rely on a common system architecture and use models such as component fault trees and attack trees, respectively, for their analyses. We posit that the two disciplines should be aligned without entangling their processes or teams, mutually supporting their considerations. For that purpose, assuming a joint system model, we introduce tool support that heuristically suggests correspondences between analysis elements of the two disciplines and, upon user confirmation, derives additional suggestions for analysis. Our tool allows both disciplines to benefit from the analyses of the other, increasing consistency, exhaustiveness, and alignment of the disciplines. Our paper introduces the approach, describes our prototypical tool, and illustrates the concept with a realistic automotive use case.","PeriodicalId":385392,"journal":{"name":"2021 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)","volume":"5 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISSREW53611.2021.00061","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
Failures in cyber-physical systems, such as trains and cars, are caused either by faults or attacks. The former are addressed by safety engineering, the latter by security analysis. Both disciplines use separate terminology, processes, and tools. However, both rely on a common system architecture and use models such as component fault trees and attack trees, respectively, for their analyses. We posit that the two disciplines should be aligned without entangling their processes or teams, mutually supporting their considerations. For that purpose, assuming a joint system model, we introduce tool support that heuristically suggests correspondences between analysis elements of the two disciplines and, upon user confirmation, derives additional suggestions for analysis. Our tool allows both disciplines to benefit from the analyses of the other, increasing consistency, exhaustiveness, and alignment of the disciplines. Our paper introduces the approach, describes our prototypical tool, and illustrates the concept with a realistic automotive use case.