On Safety and Security Requirements in Emerging Ubiquitous Computing Models

The fields of safety and security are converging, driven by factors such as growing system interconnectivity and the increasing dependence of critical national infrastructures on the Internet. Partly as a reflection of this, there is a substantial body of literature on the growing interdependence between safety and security. Most of that research has addressed large-scale industrial systems; the rapid emergence of what might be termed consumer cyber-physical systems (consumer CPS) means that the same issues must now be considered in that context too. We evaluate the motivations for deploying consumer CPS and the novel safety and security concerns such systems give rise to, and use that evaluation to establish a collection of cyber security requirements for this emerging domain. We also consider how these requirements might affect product lifecycles. Our contribution is motivated and illustrated by three representative scenarios.
