Apply STAMP to Critical Infrastructure Protection

Laracy, Joseph R.; Leveson, Nancy G.

doi:10.1109/ths.2007.370048

Cited by 18 publications

(16 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Another feature of STPA-Sec, which was not covered, is its ability to assist analysts in examining how security constraints might degrade over time. See Leveson and Laracy for more on this topic [7] .…”

Section: Discussionmentioning

confidence: 99%

Systems thinking for safety and security

Young

Leveson

2013

Proceedings of the 29th Annual Computer Security Applications Conference

127

117

View full text Add to dashboard Cite

The fundamental challenge facing security professionals is preventing losses, be they operational, financial or mission losses. As a result, one could argue that security professionals share this challenge with safety professionals. Despite their shared challenge, there is little evidence that recent advances that enable one community to better prevent losses have been shared with the other for possible implementation. Limitations in current safety approaches have led researchers and practitioners to develop new models and techniques. These techniques could potentially benefit the field of security. This paper describes a new systems thinking approach to safety that may be suitable for meeting the challenge of securing complex systems against cyber disruptions. SystemsTheoretic Process Analysis for Security (STPA-Sec) augments traditional security approaches by introducing a top-down analysis process designed to help a multidisciplinary team consisting of security, operations, and domain experts identify and constrain the system from entering vulnerable states that lead to losses. This new framework shifts the focus of the security analysis away from threats as the proximate cause of losses and focuses instead on the broader system structure that allowed the system to enter a vulnerable system state that the threat exploits to produce the disruption leading to the loss.

show abstract

Section: Discussionmentioning

confidence: 99%

Systems thinking for safety and security

Young

Leveson

2013

Proceedings of the 29th Annual Computer Security Applications Conference

127

117

View full text Add to dashboard Cite

show abstract

“…SoS capability security may be impacted by operational use or change over time, or from system-level changes to meet individual needs of constituent system stakeholders, changing risk equations that might go unidentified [29]. Security must be designed into the systems with a concious aspect towards how it is operated [30]. Applying security to systems in isolation may lead to incorrect areas of focus for effective security, potentially consuming needed resources [31], and can lead to unidentified areas of threat [9].…”

Section: B System Of Systems and Systems Riskmentioning

confidence: 99%

Assessing Security Risk and Requirements for Systems of Systems

Ki-Aries

2018

2018 IEEE 26th International Requirements Engineering Conference (RE)

View full text Add to dashboard Cite

A System of Systems (SoS) is a term used to describe independent systems converging for a purpose that could only be carried out through this interdependent collaboration. Many examples of SoSs exist, but the term has become a source of confusion across domains. Moreover, there are few illustrative SoS examples demonstrating their initial classification and structure. While there are many approaches for engineering of systems, less exist for SoS engineering. More specifically, there is a research gap towards approaches addressing SoS security risk assessment for engineering and operational needs, with a need for tool-support to assist modelling and visualising security risk and requirements in an interconnected SoS. From this, security requirements can provide a systematic means to identify constraints and related risks of the SoS, mitigated by humanuser and system requirements. This work investigates specific challenges and current approaches for SoS security and risk, and aims to identify the alignment of SoS factors and concepts suitable for eliciting, analysing, validating risks with use of a tool-support for assessing security risk in the SoS context.

show abstract

“…Hierarchically performed hazard origin and propagation studies (HiP-HOPS) was developed as a tool to assess risk throughout a hierarchical system model by integrating functional and classical techniques into a single consistent model [24]. Rather than modeling failures within engineered systems as a result of component failures, the systems-theoretic accident model and processes (STAMP) models the dynamics of the organizational environment to find and redesign inadequate control processes that lead to failure [25][26][27][28]. The function failure identification and propagation method (FFIP) informs assessment by constructing a graph-based behavioral model to take into account the function interactions, dynamics, and joint fault scenarios [8] which has since been extended using flow-state logic to model undesired flow states [29] and dimensional analysis to incorporate more detailed information about component behavior [30] and adapted for large-scale complex systems [31] and mechatronics [32].…”

Section: Introductionmentioning

confidence: 99%

Quantifying the Resilience-Informed Scenario Cost Sum: A Value-Driven Design Approach for Functional Hazard Assessment

Hulse

Hoyle

Goebel

et al. 2018

Journal of Mechanical Design

View full text Add to dashboard Cite

Complex engineered systems can carry risk of high failure consequences, and as a result, resilience—the ability to avoid or quickly recover from faults—is desirable. Ideally, resilience should be designed-in as early in the design process as possible so that designers can best leverage the ability to explore the design space. Toward this end, previous work has developed functional modeling languages which represent the functions which must be performed by a system and function-based fault modeling frameworks have been developed to predict the resulting fault propagation behavior of a given functional model. However, little has been done to formally optimize or compare designs based on these predictions, partially because the effects of these models have not been quantified into an objective function to optimize. The work described herein closes this gap by introducing the resilience-informed scenario cost sum (RISCS), a scoring function which integrates with a fault scenario-based simulation, to enable the optimization and evaluation of functional model resilience. The scoring function accomplishes this by quantifying the expected cost of a design's fault response using probability information, and combining this cost with design and operational costs such that it may be parameterized in terms of designer-specified resilient features. The usefulness and limitations of using this approach in a general optimization and concept selection framework are discussed in general, and demonstrated on a monopropellant system design problem. Using RISCS as an objective for optimization, the algorithm selects the set of resilient features which provides the optimal trade-off between design cost and risk. For concept selection, RISCS is used to judge whether resilient concept variants justify their design costs and make direct comparisons between different model structures.

show abstract

Apply STAMP to Critical Infrastructure Protection

Cited by 18 publications

References 13 publications

Systems thinking for safety and security

Systems thinking for safety and security

Assessing Security Risk and Requirements for Systems of Systems

Quantifying the Resilience-Informed Scenario Cost Sum: A Value-Driven Design Approach for Functional Hazard Assessment

Contact Info

Product

Resources

About