Systems thinking for safety and security

Young, William; Leveson, Nancy G.

doi:10.1145/2523649.2530277

Cited by 127 publications

(123 citation statements)

References 3 publications

Supporting

Mentioning

123

Contrasting

Order By: Relevance

“…Young and Leveson [27] proposed to take a system thinking approach to safety and security analysis. As a result, a loss or disruption of the system is caused by interactions among various factors including safety hazards and security vulnerabilities.…”

Section: Safety and Security Co-analysis Methodsmentioning

confidence: 99%

A Case Study of FMVEA and CHASSIS as Safety and Security Co-Analysis Method for Automotive Cyber-physical Systems

Schmittner

Schoitsch

et al. 2015

Proceedings of the 1st ACM Workshop on Cyber-Physical System Security

View full text Add to dashboard Cite

The increasing integration of computational components and physical systems creates cyber-physical system, which provide new capabilities and possibilities for humans to control and interact with physical machines. However, the correlation of events in cyberspace and physical world also poses new safety and security challenges. This calls for holistic approaches to safety and security analysis for the identification of safety failures and security threats and a better understanding of their interplay. This paper presents the application of two promising methods, i.e. Failure Mode, Vulnerabilities and Effects Analysis (FMVEA) and Combined Harm Assessment of Safety and Security for Information Systems (CHASSIS), to a case study of safety and security co-analysis of cyber-physical systems in the automotive domain. We present the comparison, discuss their applicabilities, and identify future research needs.

show abstract

Section: Safety and Security Co-analysis Methodsmentioning

confidence: 99%

A Case Study of FMVEA and CHASSIS as Safety and Security Co-Analysis Method for Automotive Cyber-physical Systems

Schmittner

Schoitsch

et al. 2015

Proceedings of the 1st ACM Workshop on Cyber-Physical System Security

View full text Add to dashboard Cite

show abstract

“…Furthermore, the approaches used in the hazard analysis for security (STPA-sec) do not differ much from the approaches used in threat analysis for safety. This is clear in the phase "Identifying unsafe/unsecure control actions" (Table 9) STPA-sec as security and safety are inseparable as mentioned by Young [29] [30].…”

Section: Casesmentioning

confidence: 99%

“…Using the concepts in SaS information domain model (Section 5.1) here to explain STAMP; Scenario-based [29] [30] in a narrative way. @RemoteSurgery, A surgeon that is well trained on using the console is considered one of the important assets.…”

Section: Appendixmentioning

confidence: 99%

Developing Dependability Requirements Engineering for Secure and Safe Information Systems with Knowledge Acquisition for Automated Specification

Lamddi¹

2017

JSEA

View full text Add to dashboard Cite

Our dependability on software in every aspect of our lives has exceeded the level that was expected in the past. We have now reached a point where we are currently stuck with technology, and it made life much easier than before. The rapid increase of technology adoption in the different aspects of life has made technology affordable and has led to an even stronger adoption in the society. As technology advances, almost every kind of technology is now connected to the network like infrastructure, automobiles, airplanes, chemical factories, power stations, and many other systems that are business and mission critical. Because of our high dependency on technology in most, if not all, aspects of life, a system failure is considered to be very critical and might result in harming the surrounding environment or put human life at risk. We apply our conceptual framework to integration between security and safety by creating a SaS (Safety and Security) domain model. Furthermore, it demonstrates that it is possible to use goal-oriented KAOS (Knowledge Acquisition in automated Specification) language in threat and hazard analysis to cover both safety and security domains making their outputs, or artifacts, wellstructured and comprehensive, which results in dependability due to the comprehensiveness of the analysis. The conceptual framework can thereby act as an interface for active interactions in risk and hazard management in terms of universal coverage, finding solutions for differences and contradictions which can be overcome by integrating the safety and security domains and using a unified system analysis technique (KAOS) that will result in analysis centrality. For validation we chose the Systems-Theoretic Accident Model and Processes (STAMP) approach and its modelling language, namely System-Theoretic Process Analysis for safety (STPA), on the safety side and System-Theoretic Process Analysis for Security (STPA-sec) on the security side in

show abstract

“…Safety is often associated with unintended disruption, and security is often associated with intended disruption; both concepts affect the proper operation of cyber-based systems and infrastructure. Safety properties include security properties (Burns et al, 1992;Leveson, 2013;Young & Leveson, 2013). Safety is the foundation that promotes scientific progress and the arts within a society that is ever more connected on a global scale; it enables the global knowledge commons that is an engine of human progress.…”

Section: Safety In the Online World Of The Futurementioning

confidence: 99%