Aligning Cyber-Physical System Safety and Security

Sabaliauskaite, Giedre; Mathur, Aditya P.

doi:10.1007/978-3-319-12544-2_4

Cited by 65 publications

(47 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…CHASSIS [5], III. FACT Graph [6], IV. FMVEA [7], V. Unified Security and Safety Risk Assessment [8], VI.…”

Section: Integrated Safety and Security Risk Assessment Methodsmentioning

confidence: 99%

“…Year Country Citations EFT [10] 2009 Italy 63 Extended CFT [9] 2013 Germany 17 FACT Graph [6] 2015 Singapore 5 CHASSIS [5] 2015 Austria 4 FMVEA [7] 2014 Austria 4 SAHARA [4] 2015 Austria 2 Unified Security and Safety Risk Assessment [8] 2014 Taiwan 1…”

Section: Integrated Safety and Security Risk Assessment Methodsmentioning

confidence: 99%

“…Over-pressurization of a vessel example [6] Power and Utilities FMVEA OTA system [5], Telematics control unit [7], Engine test-stand [24], Communications-based train control system [25].…”

Section: Fact Graphmentioning

confidence: 99%

“…In the recent years, we have seen a transformation among the researchers of safety and security community to work together especially in risk management. As an example, there are developments of integrated safety and security risk assessment methods [4,5,6,7,8,9,10]. Risk assessment is one of the most crucial parts of the risk management process as it is the basis for making risk treatment decisions [11].…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Integrated Safety and Security Risk Assessment Methods: A Survey of Key Characteristics and Applications

Chockalingam

Hadžiosmanović²,

Pieters

et al. 2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Over the last years, we have seen several security incidents that compromised system safety, of which some caused physical harm to people. Meanwhile, various risk assessment methods have been developed that integrate safety and security, and these could help to address the corresponding threats by implementing suitable risk treatment plans. However, an overarching overview of these methods, systematizing the characteristics of such methods, is missing. In this paper, we conduct a systematic literature review, and identify 7 integrated safety and security risk assessment methods. We analyze these methods based on 5 different criteria, and identify key characteristics and applications. A key outcome is the distinction between sequential and non-sequential integration of safety and security, related to the order in which safety and security risks are assessed. This study provides a basis for developing more effective integrated safety and security risk assessment methods in the future.

show abstract

“…CHASSIS [5], III. FACT Graph [6], IV. FMVEA [7], V. Unified Security and Safety Risk Assessment [8], VI.…”

Section: Integrated Safety and Security Risk Assessment Methodsmentioning

confidence: 99%

Section: Integrated Safety and Security Risk Assessment Methodsmentioning

confidence: 99%

“…Over-pressurization of a vessel example [6] Power and Utilities FMVEA OTA system [5], Telematics control unit [7], Engine test-stand [24], Communications-based train control system [25].…”

Section: Fact Graphmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Integrated Safety and Security Risk Assessment Methods: A Survey of Key Characteristics and Applications

Chockalingam

Hadžiosmanović²,

Pieters

et al. 2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…A majority of them, are application specific models (automotive, power) and geared towards the risk identification phase. A few attempts have been undertaken to integrate the attack trees and fault trees, leading to extended fault trees [4], component fault trees [5] and FACT graphs [6]. However, as highlighted in [7], these models are static i.e.…”

Section: Introductionmentioning

confidence: 99%

Quantitative Security and Safety Analysis with Attack-Fault Trees

Kumar

Stoelinga

2017

2017 IEEE 18th International Symposium on High Assurance Systems Engineering (HASE)

View full text Add to dashboard Cite

Abstract-Cyber physical systems, like power plants, medical devices and data centers have to meet high standards, both in terms of safety (i.e. absence of unintentional failures) and security (i.e. no disruptions due to malicious attacks).This paper presents attack fault trees (AFTs), a formalism that marries fault trees (safety) and attack trees (security). We equip AFTs with stochastic model checking techniques, enabling a rich plethora of qualitative and quantitative analyses. Qualitative metrics pinpoint to root causes of the system failure, while quantitative metrics concern the likelihood, cost, and impact of a disruption. Examples are: (1) the most likely attack path; (2) the most costly system failure; (3) the expected impact of an attack. Each of these metrics can be constrained, i.e., we can provide the most likely disruption within time t and/or budget B. Finally, we can use sensitivity analysis to find the attack step that has the most influence on a given metric. We demonstrate our approach through three realistic cases studies.

show abstract

Model‐driven engineering of safety and security software systems: A systematic mapping study and future research directions

Mashkoor

Egyed

Wille

et al. 2022

J Software Evolu Process

View full text Add to dashboard Cite

This article presents a systematic mapping study on the model-driven engineering of safety and security concerns in software systems. Combined modeling and development of both safety and security concerns is an emerging field of research as both concerns affect one another in unique ways. Our mapping study provides an overview of the current state of the art in this field. This study carefully selected 143 publications out of 27,259 relevant papers through a rigorous and systematic process. This study then proposes and answers questions such as frequently used methods and tools and development stages where these concerns are typically investigated in application domains. Additionally, we identify the community's preference for publication venues and trends. The discussion on obtained results also features the gained insights and future research directions.

show abstract

Aligning Cyber-Physical System Safety and Security

Cited by 65 publications

References 12 publications

Integrated Safety and Security Risk Assessment Methods: A Survey of Key Characteristics and Applications

Integrated Safety and Security Risk Assessment Methods: A Survey of Key Characteristics and Applications

Quantitative Security and Safety Analysis with Attack-Fault Trees

Model‐driven engineering of safety and security software systems: A systematic mapping study and future research directions

Contact Info

Product

Resources

About