Model-driven safety and security co-analysis: A systematic literature review

Failures in systems that can lead to loss of life, property, and environmental damage, make them safety–critical systems requiring the analysis and demonstration of dependability properties. When those systems can connect/disconnect to each other, it raises security issues, making them also security-critical. Safety and security are crucial in safety- and security-critical design. The complexity of a connected world impacts safety and security, requiring dependability assurance processes in compliance with standards like ISO 26262, ISO 21434, IEC 61511, and IEC 61508. Model-Driven Engineering (MDE) plays a significant role by using models to represent and analyze safety and security properties, facilitating their integration. This study aims to explore the role of MDE in supporting safety and security co-engineering through a Systematic Literature Review. We identified 119 studies that were analyzed and categorized based on the life-cycle phase, risk assessment activity, application domain, methodology type (integrated or unified), methodology goal (co-engineering or cross-fertilization), measurement (qualitative, quantitative, or both), modeling approach, representation, evaluation method, and supporting tools. Though model-driven contributions are less prevalent than model-based ones, tools widely support them. Studies primarily focus on transportation (especially automotive) and industrial domains, but there is potential for broader participation with increasing IoT adoption.

Editor’s note: Open Science material was validated by the Journal of Systems and Software Open Science Board.