A Novel System-Theoretic Matrix-Based Approach to Analysing Safety and Security of Cyber-Physical Systems
Abstract
1. Introduction
2. Literature Review
- Security-informed Safety approaches, which use security-related information (e.g., intentional causes) to enhance safety analysis;
- Safety-informed Security approaches, which use safety-related information (e.g., component failures) to enhance security analysis;
- Combined S&S approaches, which analyse safety and security either in series or in parallel, with the artefacts of each analysis fed into the subsequent steps/phases/stages of the other.
2.1. System Theoretic Process Analysis (STPA)
2.2. STPA-Sec (STPA for Security)
2.3. STPA-SafeSec
2.4. SAFE (Systematic Analysis of Faults and Errors)
2.5. Other Works That Employ STPA
3. Proposed S&S Analysis Methodology
4. Case Study
4.1. System Definition
4.2. Analysis
4.2.1. Matrices Constructed Prior to Step 7
4.2.2. Matrices Constructed during Step 7
5. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
Matrix | Rows | Columns | Possible symbols and their meanings
---|---|---|---
HH | Hazards | Hazards | X: the (row) hazard arises due to the (column) hazard.
CH | Components | Hazards | X: the component is the final trigger of the hazard;
CC | Components | Components | <: the (row) component receives a signal from the (column) component; >: the (row) component provides a signal to the (column) component.
SC | Signals | Components | P: the component is the legitimate provider of the signal; R: the component is the intended receiver of the signal; T: the component is the transmission medium of the signal.
RC | Requirements | Components | X: the requirement may be violated if the component malfunctions.
RR | Requirements | Requirements | X: the (row) requirement conflicts with the (column) requirement.
MC | Measures | Components | X: the component is required for implementing the measure.
MR | Measures | Requirements | O: the measure contributes to satisfying the requirement; X: the measure may violate the requirement.
ID | Description of Hazard |
---|---|
H1 | Battery ignition |
H2 | Battery temperature high (beyond 60 degrees) |
H3 | Battery over-charged |
H4 | Battery over-discharged |
H5 | Acidic/corrosive/flammable/toxic substances due to electrolyte leakage |
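As an added example (not code from the paper or its case study), the Python below encodes the eight relationship matrices as sparse sets of tuples and answers the questions the matrices exist to support: which hazards and which triggering components lie behind a given hazard (HH and CH), whether every signal in SC has exactly one legitimate provider and a matching CC link to each intended receiver, and which requirements a measure supports, may violate, conflicts with indirectly through RR, or exposes through a component it depends on (MC, MR, RC, RR). The hazard IDs H1 to H5 follow the hazard table above; the components (BMS, Charger, Cell, CAN, Harness, Display), signals, requirements (SR1, SR2, SEC1, SEC2), measures (M1, M2) and every matrix entry are constructed for illustration and are not the paper's data.

```python
"""Querying the S&S relationship matrices (HH, CH, CC, SC, RC, RR, MC, MR).

Each matrix is a sparse set of tuples: (row, column) where the only symbol is
X, and (row, column, symbol) where several symbols are possible. All entries
below are CONSTRUCTED for illustration; only the hazard IDs H1..H5 follow the
paper's hazard table.
"""
from collections import defaultdict

# HH: (row hazard, column hazard) -> the row hazard arises due to the column hazard.
HH = {("H1", "H2"), ("H2", "H3"), ("H5", "H1")}
# CH: (component, hazard) -> the component is the final trigger of the hazard.
CH = {("BMS", "H3"), ("BMS", "H4"), ("Charger", "H3"), ("Cell", "H5")}
# CC: (row component, column component, '<' receives from / '>' provides to).
CC = {("BMS", "Charger", "<"), ("BMS", "Charger", ">"), ("BMS", "Cell", "<")}
# SC: (signal, component, 'P' provider / 'R' receiver / 'T' transmission medium).
SC = {("V_cell", "Cell", "P"), ("V_cell", "BMS", "R"), ("V_cell", "Harness", "T"),
      ("I_limit", "BMS", "P"), ("I_limit", "Charger", "R"), ("I_limit", "CAN", "T"),
      ("SoC", "BMS", "P"), ("SoC", "Display", "R")}  # SoC has no CC link: deliberate
# RC: (requirement, component) -> requirement may be violated if component malfunctions.
RC = {("SR1", "BMS"), ("SR1", "Charger"), ("SR2", "Cell"), ("SEC1", "CAN")}
# RR: (row requirement, column requirement) -> row requirement conflicts with column one.
RR = {("SR1", "SEC2")}
# MC: (measure, component) -> the component is required to implement the measure.
MC = {("M1", "CAN"), ("M2", "BMS")}
# MR: (measure, requirement, 'O' contributes to / 'X' may violate).
MR = {("M1", "SEC1", "O"), ("M1", "SR1", "X"), ("M2", "SR1", "O")}


def hh_contributors(hh, hazard):
    """Hazards that transitively give rise to `hazard` per HH (cycles tolerated)."""
    causes = defaultdict(set)
    for row, col in hh:
        causes[row].add(col)
    seen, stack = set(), [hazard]
    while stack:
        for cause in causes[stack.pop()]:
            if cause not in seen:
                seen.add(cause)
                stack.append(cause)
    return seen


def root_hazards(hh, hazard):
    """Hazards at the end of the HH causal chains behind `hazard` (no further cause)."""
    has_cause = {row for row, _ in hh}
    return {h for h in hh_contributors(hh, hazard) | {hazard} if h not in has_cause}


def hazard_triggers(hh, ch, hazard):
    """Components that finally trigger `hazard` or any hazard it arises from."""
    relevant = hh_contributors(hh, hazard) | {hazard}
    return {comp for comp, h in ch if h in relevant}


def signal_path_issues(sc, cc):
    """Cross-check SC against CC: one provider and at least one receiver per
    signal, and a CC link from every provider to every intended receiver."""
    roles = defaultdict(lambda: defaultdict(set))
    for signal, comp, sym in sc:
        roles[signal][sym].add(comp)
    links = set()  # (provider, receiver) pairs implied by CC
    for row, col, sym in cc:
        links.add((col, row) if sym == "<" else (row, col))
    issues = []
    for signal, r in sorted(roles.items()):
        if len(r["P"]) != 1:
            issues.append(f"{signal}: expected one provider, found {sorted(r['P'])}")
        if not r["R"]:
            issues.append(f"{signal}: no intended receiver")
        for p in r["P"]:
            for rcv in r["R"]:
                if (p, rcv) not in links:
                    issues.append(f"{signal}: {p}->{rcv} has no CC link")
    return issues


def measure_impacts(mc, mr, rc, rr):
    """Per measure: requirements it supports (MR O), may violate (MR X),
    conflicts with through a supported requirement (RR, either direction),
    and exposes because a required component's malfunction violates them (MC+RC)."""
    out = {}
    for m in sorted({m for m, _ in mc} | {m for m, _, _ in mr}):
        supports = {r for mm, r, s in mr if mm == m and s == "O"}
        violates = {r for mm, r, s in mr if mm == m and s == "X"}
        conflicts = {b for a, b in rr if a in supports} | {a for a, b in rr if b in supports}
        comps = {c for mm, c in mc if mm == m}
        exposed = {r for r, c in rc if c in comps}
        out[m] = {"supports": supports, "violates": violates,
                  "conflicts": conflicts, "exposed": exposed}
    return out


if __name__ == "__main__":
    print("H5 arises from", sorted(hh_contributors(HH, "H5")), "roots", sorted(root_hazards(HH, "H5")))
    print("Triggers behind H1:", sorted(hazard_triggers(HH, CH, "H1")))
    for issue in signal_path_issues(SC, CC):
        print("SC/CC issue:", issue)
    for m, info in measure_impacts(MC, MR, RC, RR).items():
        print(m, {k: sorted(v) for k, v in info.items()})
```

The consistency check is the part worth keeping in a real analysis: a signal whose provider and receiver are not linked in CC is either a modelling error or an undocumented path, and either way it is where a spoofed or injected signal would go unnoticed. Likewise a measure that supports one requirement while RR marks that requirement as conflicting with another (M2 here) is the S&S trade-off the RR and MR matrices are built to surface.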
Publisher's Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.
© 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Liew, L.-S.; Sabaliauskaite, G.; Kandasamy, N.K.; Wong, C.-Y.W. A Novel System-Theoretic Matrix-Based Approach to Analysing Safety and Security of Cyber-Physical Systems. Telecom 2021, 2, 536-553. https://doi.org/10.3390/telecom2040030
Liew L-S, Sabaliauskaite G, Kandasamy NK, Wong C-YW. A Novel System-Theoretic Matrix-Based Approach to Analysing Safety and Security of Cyber-Physical Systems. Telecom. 2021; 2(4):536-553. https://doi.org/10.3390/telecom2040030
Chicago/Turabian Style
Liew, Lin-Shen, Giedre Sabaliauskaite, Nandha Kumar Kandasamy, and Choong-Yew William Wong. 2021. "A Novel System-Theoretic Matrix-Based Approach to Analysing Safety and Security of Cyber-Physical Systems" Telecom 2, no. 4: 536-553. https://doi.org/10.3390/telecom2040030
APA Style
Liew, L.-S., Sabaliauskaite, G., Kandasamy, N. K., & Wong, C.-Y. W. (2021). A Novel System-Theoretic Matrix-Based Approach to Analysing Safety and Security of Cyber-Physical Systems. Telecom, 2(4), 536-553. https://doi.org/10.3390/telecom2040030