A systematic co-engineering of safety and security analysis in requirements engineering process

Co-engineering safety and security is increasingly important in safety-critical systems as more diverse interacting functions are implemented in software. Many studies have tried to perform safety and security analyses in unified or in parallel. While the unified approach requires more complex analysis with new delicate methods, the parallel needs further improvement on additional integration activity for harmonizing safety and security analyses results. This paper tries to improve the harmonization activity seamlessly and systematically in typical requirements engineering process for safety-critical systems. It encompasses both requirements elicitation and analysis as well as safety and security analyses, regardless of which analysis techniques are used. The paper suggests performing an appropriate safety analysis first to derive safety requirements as summary information. It then performs goal-tree analysis to refine the high-level safety requirements into lower-level ones, from which any security analysis can work on to derive security requirements. Another goal-tree analysis then tries to refine the high-level security requirements into specific functional ones too, and it ends the analysis activity in a cycle of requirements engineering process. The sequence of safety analysis, goal-tree refinement, security analysis and another goal-tree refinement is seamlessly iterated in the process of requirements engineering, where any conflict of requirements will have an opportunity to be resolved. Our case study of a simplified UAV example uses STPA and STRIDE techniques for safety and security analysis respectively, and shows that the proposed approach is fully applicable up to industrial cases.