Conceptual Systems Security Analysis Aerial Refueling Case Study
In today’s highly interconnected and technology-reliant environment, systems security is rapidly growing in importance to complex systems such as automobiles, airplanes, and defense-oriented weapon systems. While systems security analysis approaches are critical to improving the security of these advanced cyber-physical systems-of-systems, such approaches are often poorly understood and applied in an ad hoc fashion. To address these gaps, first a study of key architectural analysis concepts and definitions is provided with an assessment of their applicability to complex cyber-physical systems. From this initial work, a definition of cybersecurity architectural analysis for cyber-physical systems is proposed. Next, the System-Theoretic Process Analysis approach for Security (STPA-Sec) is tailored and presented in three phases which support the development of conceptual-level security requirements, applicable design-level criteria, and architectural-level security specifications. This work uniquely presents a detailed case study of a conceptual-level systems security analysis of a notional aerial refueling system based on the tailored STPA-Sec approach. This work is critically important for advancing the science of systems security engineering by providing a standardized approach for understanding security, safety, and resiliency requirements in complex systems with traceability and testability.
Considering Safety and Security in AV Functions
Autonomous vehicles (AVs) are coming to our streets. Due to the presence of highly complex software systems in AVs, a new hazard analysis technique is needed to meet stringent safety standards. Also, safety and security are inter-dependent and inter-related aspects of AVs. They are focused on shielding the vehicles from deliberate attacks (security issue) as well as accidental failures (safety concern) that might lead to loss of lives and injuries to the occupants. So, the current research work has two key components: functional safety and cybersecurity of autonomous systems.

For the safety analysis, we have applied System-Theoretic Process Analysis (STPA), which is built on Systems-Theoretic Accident Modeling and Processes (STAMP). STAMP is a powerful tool that can identify, define, analyze, and mitigate hazards from the earliest conceptual stage of development to the operation of a system. Applying STPA to autonomous vehicles demonstrates STPA's applicability to preliminary hazard analysis, available alternatives, developmental tests, organizational design, and functional design of each unique safety operation.

This thesis describes the STPA process used to generate system design requirements for an Autonomous Emergency Braking (AEB) system using a top-down analysis approach for system safety. The research makes the following contributions to practicing STPA for safety and security:
1. It describes the incorporation of safety and security analysis in one process and discusses the benefits of this;
2. It provides an improved, structural approach for scenario analysis, concentrating on safety and security;
3. It demonstrates the utility of STPA for gap analysis of existing designs in the automotive domain;
4. It provides lessons learned throughout the process of applying STPA and STPA-Sec.

Controlling a physical process is associated with dependability requirements in a cyber-physical system (CPS). Cyberattacks can push the dependability requirements outside the acceptable range. Thus, monitoring of the cyber-physical system becomes inevitable for the detection of deviations of the system from normal operation. One of the main issues is understanding the rationale behind these variations in a reliable manner. Understanding the reason for the variation is crucial for executing accurate and timely control resolution, for mitigating cyberattacks as well as other causes of reduced dependability. Currently, we are using evidential networks (EN) to solve the reliability issue. In the present work, we present a cyber-physical system analysis where evidential networks are used for the detection of attacks.

The results obtained from the STPA analysis, which provides the technical safety requirements, can be combined with the EN analysis, which can be used efficiently to assess the quality of the sensors used, to justify whether the CPS is suitable for a safe and secure design.
An Assurance Framework for Independent Co-assurance of Safety and Security
Integrated safety and security assurance for complex systems is difficult for many technical and socio-technical reasons such as mismatched processes, inadequate information, differing use of language and philosophies, etc. Many co-assurance techniques rely on disregarding some of these challenges in order to present a unified methodology. Even with this simplification, no methodology has been widely adopted, primarily because this approach is unrealistic when met with the complexity of real-world system development.

This paper presents an alternate approach by providing a Safety-Security Assurance Framework (SSAF) based on a core set of assurance principles. This is done so that safety and security can be co-assured independently, as opposed to unified co-assurance, which has been shown to have significant drawbacks. This also allows for separate processes and expertise from practitioners in each domain. With this structure, the focus is shifted from simplified unification to integration through exchanging the correct information at the right time using synchronisation activities.
Assessing and augmenting SCADA cyber security: a survey of techniques
SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisation and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote access, but at the same time exposes an otherwise isolated and secure system to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place, as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker's to determine weaknesses and loopholes in defences. Such a mindset helps to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability.
Autonomic computing architecture for SCADA cyber security
Cognitive computing relates to intelligent computing platforms that are based on the disciplines of artificial intelligence, machine learning, and other innovative technologies. These technologies can be used to design systems that mimic the human brain to learn about their environment and can autonomously predict an impending anomalous situation. IBM first used the term ‘Autonomic Computing’ in 2001 to combat the looming complexity crisis (Ganek and Corbi, 2003). The concept has been inspired by the human biological autonomic system. An autonomic system is self-healing, self-regulating, self-optimising and self-protecting (Ganek and Corbi, 2003). Therefore, the system should be able to protect itself against both malicious attacks and unintended mistakes by the operator.