Integrated Safety and Security Risk Assessment Methods: A Survey of Key Characteristics and Applications
Over the last few years, we have seen several security incidents that compromised system safety, some of which caused physical harm to people. Meanwhile, various risk assessment methods have been developed that integrate safety and security, and these could help to address the corresponding threats by implementing suitable risk treatment plans. However, an overarching overview that systematizes the characteristics of such methods is missing. In this paper, we conduct a systematic literature review and identify 7 integrated safety and security risk assessment methods. We analyze these methods based on 5 different criteria, and identify key characteristics and applications. A key outcome is the distinction between sequential and non-sequential integration of safety and security, related to the order in which safety and security risks are assessed. This study provides a basis for developing more effective integrated safety and security risk assessment methods in the future.
Querying Fault and Attack Trees: Property Specification on a Water Network
We provide an overview of three different query languages whose objective is to specify properties on the highly popular formalisms of fault trees (FTs) and attack trees (ATs). These are BFL, a Boolean Logic for FTs; PFL, a probabilistic extension of BFL; and ATM, a logic for security metrics on ATs. We validate the framework composed of these three logics by applying them to the case study of a water distribution network. We extend the FT for this network, found in the literature, and we propose to model the system under analysis with the Fault Trees/Attack Trees (FT/ATs) formalism, combining both FTs and ATs in a single model. Furthermore, we propose a novel combination of the showcased logics to account for queries that jointly consider both the FT and the AT of the model, integrating the influence of attacks on the failure probabilities of different components. Finally, we extend the domain-specific language for PFL with novel constructs to capture the interplay between metrics of attacks (e.g., "cost", success probabilities) and failure probabilities in the system.
Model-based Safety and Security Co-analysis: a Survey
We survey the state of the art on model-based formalisms for safety and security analysis, where safety refers to the absence of unintended failures, and security to the absence of malicious attacks. We consider ten model-based formalisms, comparing their modeling principles, the interaction between safety and security, and their analysis methods. In each formalism, we model the classical Locked Door Example where possible. Our key finding is that the exact nature of safety-security interaction is still ill-understood. Existing formalisms merge previous safety and security formalisms without introducing specific constructs to model safety-security interactions, or metrics to analyze trade-offs.
Cyber LOPA: An Integrated Approach for the Design of Dependable and Secure Cyber Physical Systems
Safety risk assessment is an essential process to ensure a dependable Cyber-Physical System (CPS) design. Traditional risk assessment considers only physical failures. For modern CPS, failures caused by cyber attacks are on the rise. The focus of the latest research effort is on safety-security lifecycle integration and the expansion of modeling formalisms for risk assessment to incorporate security failures. The interaction between safety and security and its impact on the overall system design, as well as the reliability loss resulting from ignoring security failures, are some of the overlooked research questions. This paper addresses these research questions by presenting a new safety design method named Cyber Layer Of Protection Analysis (CLOPA) that extends the existing LOPA framework to include failures caused by cyber attacks. The proposed method provides a rigorous mathematical formulation that quantitatively expresses the trade-off between designing a highly reliable versus a highly secure CPS. We further propose a co-design lifecycle process that integrates the safety and security risk assessment processes. We evaluate the proposed CLOPA approach and the integrated lifecycle on a practical case study of a process reactor controlled by an industrial control testbed, and provide a comparison between the proposed CLOPA and current LOPA risk assessment practice.
Comment: Main Content: Title adjusted, Related work moved to end, added references, Sec IV (prev. sec V): expanded discussion, design and Alg. 1 updated | Sec V (prev. sec VI): Expanded discussion, Table V Expanded. Editorial: Fig 1 redrawn horiz., Eq (4)(5) math notation changed, same content. Eq (25) expanded, Page-wide eq. not ref as fig (shift by 1 of fig num), Fig 4 iterative design values show
Combination of Safety and Security Analysis - Finding Security Problems That Threaten the Safety of a System
In most cases, a safety analysis omits or even forgets the influence of security problems. Because more and more systems are accessible from outside via maintenance interfaces, this missing security analysis is becoming a problem. This is why we propose an approach for extending the safety analysis with security aspects. Such a more comprehensive analysis should lead to systems that react in less catastrophic ways to attacks.