MISSION AWARE: Evidence-Based, Mission-Centric Cybersecurity Analysis

Bakirtzis, Georgios; Carter, Bryan T.; Fleming, Cody H.; Elks, Carl R.

doi:10.48550/arxiv.1712.01448

Cited by 2 publications

(3 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…al. 2016), automotive (Placke Duo 2015), port security (Williams 2015), and cyber security (Bakirtzis, et. al.…”

Section: Discussionmentioning

confidence: 99%

Enhancing Early Systems R&D Capabilities with Systems —Theoretic Process Analysis

Williams

2023

INSIGHT

View full text Add to dashboard Cite

Systems engineering today faces a wide array of challenges, ranging from new operational environments to disruptive technological — necessitating approaches to improve research and development (R&D) efforts. Yet, emphasizing the Aristotelian argument that the “whole is greater than the sum of its parts” seems to offer a conceptual foundation creating new R&D solutions. Invoking systems theoretic concepts of emergence and hierarchy and analytic characteristics of traceability, rigor, and comprehensiveness is potentially beneficial for guiding R&D strategy and development to bridge the gap between theoretical problem spaces and engineering‐based solutions. In response, this article describes systems–theoretic process analysis (STPA) as an example of one such approach to aid in early‐systems R&D discussions. STPA—a ‘top‐down’ process that abstracts real complex system operations into hierarchical control structures, functional control loops, and control actions—uses control loop logic to analyze how control actions (designed for desired system behaviors) may become violated and drive the complex system toward states of higher risk. By analyzing how needed controls are not provided (or out of sequence or stopped too soon) and unneeded controls are provided (or engaged too long), STPA can help early‐system R&D discussions by exploring how requirements and desired actions interact to either mitigate or potentially increase states of risk that can lead to unacceptable losses. This article will demonstrate STPA's benefit for early‐system R&D strategy and development discussion by describing such diverse use cases as cyber security, nuclear fuel transportation, and US electric grid performance. Together, the traceability, rigor, and comprehensiveness of STPA serve as useful tools for improving R&D strategy and development discussions. Leveraging STPA as well as related systems engineering techniques can be helpful in early R&D planning and strategy development to better triangulate deeper theoretical meaning or evaluate empirical results to better inform systems engineering solutions.

show abstract

“…al. 2016), automotive (Placke Duo 2015), port security (Williams 2015), and cyber security (Bakirtzis, et. al.…”

Section: Discussionmentioning

confidence: 99%

Enhancing Early Systems R&D Capabilities with Systems —Theoretic Process Analysis

Williams

2023

INSIGHT

View full text Add to dashboard Cite

show abstract

“…Design assurance of safety and security carry to the runtime domain, creating a shared responsibility for reducing the risk during deployment. These emerging methods include dynamic safety management [23], DepDevOps (dependable development operations continuum) [3], systematic safety and security assessment processes such as STPA (system theoretic process analysis) and STAMP (systems-theoretic accident model and processes), and MissionAware [2].…”

Section: Introductionmentioning

confidence: 99%

“…(1) what to monitor, (2) where to monitor, and (3) context of the monitoring. Our work addresses the gap between safety analysis and runtime monitor formulation.…”

Section: Introductionmentioning

confidence: 99%

STPA-driven Multilevel Runtime Monitoring for In-time Hazard Detection

Gautham¹,

Bakirtzis²,

Will³

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

Runtime verification or runtime monitoring equips safetycritical cyber-physical systems to augment design assurance measures and ensure operational safety and security. Cyber-physical systems have interaction failures, attack surfaces, and attack vectors resulting in unanticipated hazards and loss scenarios. These interaction failures pose challenges to runtime verification regarding monitoring specifications and monitoring placements for in-time detection of hazards. We develop a well-formed workflow model that connects system theoretic process analysis, commonly referred to as STPA, hazard causation information to lower-level runtime monitoring to detect hazards at the operational phase. Specifically, our model follows the DepDevOps paradigm to provide evidence and insights to runtime monitoring on what to monitor, where to monitor, and the monitoring context. We demonstrate and evaluate the value of multilevel monitors by injecting hazards on an autonomous emergency braking system model.

show abstract

MISSION AWARE: Evidence-Based, Mission-Centric Cybersecurity Analysis

Cited by 2 publications

References 15 publications

Enhancing Early Systems R&D Capabilities with Systems —Theoretic Process Analysis

Enhancing Early Systems R&D Capabilities with Systems —Theoretic Process Analysis

STPA-driven Multilevel Runtime Monitoring for In-time Hazard Detection

Contact Info

Product

Resources

About