论文信息 - Extracting interdependent requirements and resolving conflicted requirements of safety and security for industrial control systems

Extracting interdependent requirements and resolving conflicted requirements of safety and security for industrial control systems

Industrial control systems are safety-critical systems. However, security attacks aiming at industrial control systems are rising tremendously in recent years. As a result, not only safety but also security should be considered in industrial control systems. To protect industrial control systems from failing due to intentional attacks from outside of the system and internal faults, safety and security must be considered comprehensively for the two following reasons: Firstly, it is security attacks from outside of the system that weaken inside equipment, which then leads to safety issues. This means that safety and security are related. Secondly, safety and security are two different areas with their own focuses. When trying to achieve their separate goals in the same industrial control system, safety requirements and security requirements may be conflicted. Therefore it is necessary to study the relationship between safety and security and consider them comprehensively. In this paper, we focus on requirement analysis phase. The relationships between safety and security requirements are analyzed and classified. An integrated requirement analysis method is proposed to extract interdependent safety and security requirements and resolve conflicted safety and security requirements. Finally, two examples are given to show how to use the proposed method.

Luyi Li | Minyan Lu | Tingyang Gu

[1] Ludovic Piètre-Cambacédès,et al. Modeling safety and security interdependencies with BDMP (Boolean logic Driven Markov Processes) , 2010, 2010 IEEE International Conference on Systems, Man and Cybernetics.

[2] Ludovic Piètre-Cambacédès,et al. Cross-fertilization between safety and security engineering , 2013, Reliab. Eng. Syst. Saf..

[3] Andrew J. Kornecki,et al. Safety and security in industrial control , 2010, CSIIRW '10.

[4] Thomas Novak,et al. Safety- and Security-Critical Services in Building Automation and Control Systems , 2010, IEEE Transactions on Industrial Electronics.

[5] Ludovic Piètre-Cambacédès,et al. The SEMA referential framework: Avoiding ambiguities in the terms "security" and "safety" , 2010, Int. J. Crit. Infrastructure Prot..

[6] Nancy G. Leveson,et al. Inside Risks An Integrated Approach to Safety and Security Based on Systems Theory , 2013 .

[7] Aditya P. Mathur,et al. Aligning Cyber-Physical System Safety and Security , 2014, CSDM Asia.

[8] Julien Delange,et al. Validating Safety and Security Requirements for Partitioned Architectures , 2009, Ada-Europe.

[9] Nuno Silva,et al. Adding Security Concerns to Safety Critical Certification , 2014, 2014 IEEE International Symposium on Software Reliability Engineering Workshops.

[10] Karen A. Scarfone,et al. Guide to Industrial Control Systems (ICS) Security , 2015 .