
    Integrated Safety and Security Risk Assessment Methods: A Survey of Key Characteristics and Applications

    Over the past years we have seen several security incidents that compromised system safety, some of which caused physical harm to people. Meanwhile, various risk assessment methods have been developed that integrate safety and security; these could help to address the corresponding threats by implementing suitable risk treatment plans. However, an overarching overview that systematizes the characteristics of such methods is missing. In this paper we conduct a systematic literature review and identify 7 integrated safety and security risk assessment methods. We analyze these methods against 5 criteria and identify their key characteristics and applications. A key outcome is the distinction between sequential and non-sequential integration of safety and security, i.e. whether safety and security risks are assessed one after the other or jointly. This study provides a basis for developing more effective integrated safety and security risk assessment methods in the future.

    Model-Based Security Testing

    Security testing aims at validating software system requirements related to security properties such as confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques have been available for many years, there have been few approaches that allow test cases to be specified at a higher level of abstraction, that guide test identification and specification, or that enable automated test generation. Model-based security testing (MBST) is a relatively new field dedicated to the systematic and efficient specification and documentation of security test objectives, security test cases and test suites, as well as to their automated or semi-automated generation. In particular, the combination of security modelling and test generation approaches is still a research challenge and of high interest for industrial applications. MBST includes, for example, security functional testing, model-based fuzzing, risk- and threat-oriented testing, and the use of security test patterns. This paper provides a survey of MBST techniques and the related models, as well as samples of new methods and tools under development in the European ITEA2 project DIAMONDS. Comment: In Proceedings MBT 2012, arXiv:1202.582

    A hybrid and integrated approach to evaluate and prevent disasters


    Assessing the reliability of adaptive power system protection schemes

    Adaptive power system protection can be used to improve the performance of existing protection schemes under certain network conditions. However, its deployment in the field is impeded by its perceived inferior reliability compared to existing protection arrangements. Moreover, its validation can be problematic because of the perceived high likelihood of failure modes or of incorrect setting selection under variable network conditions. Reliability (including risk assessment) is one of the decisive measures that can be used when verifying adaptive protection scheme performance. This paper proposes a generic methodology for assessing the reliability of adaptive protection. The method involves identifying the initiating events and scenarios that lead to protection failures and quantifying the probability of occurrence of each failure. A numerical example of the methodology for an adaptive distance protection scheme is provided.

    A synthesis of logic and bio-inspired techniques in the design of dependable systems

    Much of the development of model-based design and dependability analysis for dependable systems, including software-intensive systems, can be attributed to advances in formal logic and its application to fault forecasting and system verification. In parallel, work on bio-inspired technologies has shown potential for the evolutionary design of engineering systems via automated exploration of potentially large design spaces. We have not yet seen the emergence of a design paradigm that effectively combines these two techniques, founded on the two pillars of formal logic and biology, from the early stages of, and throughout, the design lifecycle. Such a paradigm would apply these techniques synergistically and systematically to enable the optimal refinement of new designs, driven by dependability requirements. The paper sketches such a model-centric paradigm for the design of dependable systems, presented in the scope of the HiP-HOPS tool and technique, that brings these technologies together to realise their combined potential benefits. The paper begins by identifying current challenges in model-based safety assessment and then reviews the use of meta-heuristics at various stages of the design lifecycle, covering topics that span from the allocation of dependability requirements, through dependability analysis, to multi-objective optimisation of system architectures and maintenance schedules.

    Timed Fault Tree Models of the China Yongwen Railway Accident

    Safety is an essential requirement for railway transportation. Many methods have been developed to predict, prevent and mitigate accidents in this context, each with its own purpose and limitations. This paper presents a new analysis technique: timed fault tree analysis. It extends traditional fault tree analysis with temporal events and fault characteristics. Timed Fault Trees (TFTs) can determine which faults need to be eliminated urgently and can also provide a safe time window in which to repair them. They can further be used to determine the time available for railway maintenance, thereby improving maintenance efficiency and reducing risk. In this paper we present the features and functionality of a railway transportation system modelled with timed fault trees. We demonstrate the applicability of our framework via a case study of the China Yongwen line railway accident.

    Fault tree analysis and prevention strategies for gas explosion in underground coal mines of Pakistan

    Purpose. Gas explosions in the underground coal mines of Pakistan are the main cause of coal miners' deaths. The purpose of this article is to analyze the main causes of gas explosions in the underground coal mines of Pakistan. Methods. The study employs Fault Tree Analysis (FTA) to identify the root causes that lead to system failure. In particular, this research builds a fault tree model of gas explosions in underground coal mines to analyze the root causes of this dangerous accident. Findings. The analysis reveals that most of the root causes (4/7), accounting for 5/10 accidents, 49/53 fatalities and 28/35 injuries, resulted from primary failure of the gas explosion event, which poses a major threat to the lives of mine workers. Gas accumulation and ignition are the leading causes of gas explosions. Originality. FTA is employed for the first time to understand the underlying root causes, together with the corresponding numbers of accidents, fatalities and injuries, of gas explosions in underground coal mines of Pakistan. This application of FTA exposes several underlying factors that should be considered to reduce the risk of gas explosions and the fatal and non-fatal accidents they cause. Practical implications. The study proposes preventive strategies to reduce fatal and non-fatal accidents resulting from gas explosions. Explicitly, Pakistan has to conduct major structural and safety management reforms.

    Abstract (Ukrainian and Russian versions, identical in content; translated): Purpose. To analyze the influence of the main factors causing methane gas explosions in the coal mines of Pakistan by building a fault tree model. Methods. An empirical analysis of gas explosions in Pakistan's coal mines, based on data from 2010 to 2018, was used to determine the exact number of accidents with fatalities and injuries. Gas explosions were studied both qualitatively and quantitatively, using Fault Tree Analysis (FTA), to better understand the root causes that create dangerous emergency situations. Results. Eleven accidents in Pakistan between 2010 and 2018 caused 53 fatalities and 35 injuries. A significant share of the causes (4 of 7), responsible for 5 of 10 accidents, 49 of 53 deaths and 28 of 35 injuries, was related to gas explosion, and the main factors triggering an explosion are gas accumulation and its ignition. Attention is drawn to proper mine design, regular mine inspection, and compliance with the proposed safety rules and standards. Scientific novelty. The FTA method was applied for the first time to understand the underlying causes of gas explosions in Pakistan's coal mines, and its specification revealed a number of important key factors that should be taken into account to reduce the risk of gas explosions and prevent the accidents they cause. Practical significance. Strategic measures were developed to prevent or reduce the number of accidents, with or without fatalities, caused by gas explosions. To this end, it is proposed that Pakistan carry out serious structural reforms and changes in the field of occupational safety.

    This research was funded by the National Natural Science Foundation of China (51574226) and the 2017 Special Project of Subject Frontiers Scientific Research in China University of Mining and Technology (2017XKQY047). Additionally, the authors are very thankful to the School of Mines, China University of Mining and Technology, Xuzhou, 221116 China, whose support allowed this research to be accomplished within the specified time.
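The fault tree analysis used in this paper, and the ranking of cut sets that the Timed Fault Tree paper above relies on to decide which faults must be eliminated first, come down to two computations: enumerating the minimal cut sets of the top event and weighting them by the probabilities of their basic events. The following is an added example written for this page, not code from either paper: the tree (a gas explosion requires gas accumulation AND an ignition source, each an OR over hypothetical basic events) and the per-year probabilities are constructed for illustration, and none of the paper's accident figures are used.

```python
"""Fault tree analysis: minimal cut sets, top-event probability and ranking.

Added example for this page, not code from any of the listed papers.
The tree and the basic-event probabilities are constructed: a gas
explosion needs gas accumulation AND an ignition source, and each of
those is an OR over hypothetical basic events.
"""
from itertools import product

# Gate definitions: gate name -> (gate type, child names).
GATES = {
    "explosion":    ("AND", ["accumulation", "ignition"]),
    "accumulation": ("OR",  ["ventilation_failure", "gas_detector_failure"]),
    "ignition":     ("OR",  ["electrical_spark", "open_flame"]),
}

# Basic (leaf) events with hypothetical per-year failure probabilities.
BASIC_EVENTS = {
    "ventilation_failure":  0.05,
    "gas_detector_failure": 0.10,
    "electrical_spark":     0.02,
    "open_flame":           0.01,
}


def minimal_cut_sets(node):
    """Minimal cut sets of `node` as a set of frozensets of basic events.

    A cut set is a set of basic events that together cause the event.
    OR gate: union of the children's cut sets.  AND gate: one cut set
    from each child, combined.  Supersets of another cut set are dropped.
    """
    if node in BASIC_EVENTS:
        return {frozenset([node])}
    gate, children = GATES[node]
    child_sets = [minimal_cut_sets(child) for child in children]
    if gate == "OR":
        sets = set().union(*child_sets)
    elif gate == "AND":
        sets = {frozenset().union(*combo) for combo in product(*child_sets)}
    else:
        raise ValueError(f"unknown gate type {gate!r} at {node}")
    return {s for s in sets if not any(other < s for other in sets)}


def cut_set_probability(cut_set):
    """Probability that every event of one cut set occurs (independence assumed)."""
    p = 1.0
    for event in cut_set:
        p *= BASIC_EVENTS[event]
    return p


def rank_cut_sets(node):
    """Cut sets of `node`, most probable first: the faults to eliminate first."""
    ranked = [(cut_set_probability(cs), tuple(sorted(cs))) for cs in minimal_cut_sets(node)]
    return sorted(ranked, key=lambda item: (-item[0], item[1]))


def rare_event_bound(node):
    """Upper bound on P(node): the sum of cut-set probabilities (rare-event approximation)."""
    return sum(p for p, _ in rank_cut_sets(node))


def exact_probability(node):
    """Exact P(node) by gate recursion.  Valid when no basic event is shared
    between branches (true for this tree); with shared events, use the cut
    sets with inclusion-exclusion instead."""
    if node in BASIC_EVENTS:
        return BASIC_EVENTS[node]
    gate, children = GATES[node]
    probs = [exact_probability(child) for child in children]
    if gate == "AND":
        p = 1.0
        for q in probs:
            p *= q
        return p
    # OR: P(at least one child) = 1 - P(no child)
    p_none = 1.0
    for q in probs:
        p_none *= 1.0 - q
    return 1.0 - p_none


def event_importance(node):
    """Fussell-Vesely-style importance: the share of the cut-set probability
    mass that involves each basic event.  Fixing a high-importance event
    removes the most risk."""
    ranked = rank_cut_sets(node)
    total = sum(p for p, _ in ranked)
    importance = {}
    for p, cut_set in ranked:
        for event in cut_set:
            importance[event] = importance.get(event, 0.0) + p / total
    return importance


if __name__ == "__main__":
    top = "explosion"
    print("Minimal cut sets (most probable first):")
    for p, cut_set in rank_cut_sets(top):
        print(f"  {p:.4f}  {' AND '.join(cut_set)}")
    print(f"P({top}) exact      = {exact_probability(top):.6f}")
    print(f"P({top}) rare-event = {rare_event_bound(top):.6f}")
    for event, fv in sorted(event_importance(top).items(), key=lambda kv: -kv[1]):
        print(f"  importance {event:22s} {fv:.3f}")
```

With the constructed numbers the top-ranked cut set is a failed gas detector together with an electrical spark, and the detector and the spark each carry two thirds of the cut-set probability mass, which is the kind of ranking the paper's "faults to eliminate urgently" rests on. The rare-event sum is always at least the exact probability, so it is a safe figure to report when the tree has shared basic events and the recursion is no longer exact.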