METAMODEL FOR SAFETY AND SECURITY INTEGRATED SYSTEM ARCHITECTURE MODELING

Abstract: As digitization progresses, information and communication technologies are increasingly integrated into technical systems. This creates attractive value potentials (e.g. autonomous driving), but also challenges for system development. The constantly increasing product complexity and degree of networking require a systemic approach to development, which established Model-Based Systems Engineering (MBSE) approaches provide. Ensuring the reliability of tomorrow's systems additionally requires an integrated and early consideration of security and safety. In order to show the possibility and consequences of failures and attacks, this paper develops a modeling language that links established, and partly isolated, security and safety approaches within a consistent metamodel. It enables the developer to synthesize system architectures transparently across disciplines and to analyze attack and failure propagation in an integrated way. The approach uncovers synergetic and, in particular, conflicting goals and effects of architectural designs with respect to safety and security, so that adequate architectural decisions can be made on the basis of trade-off analyses.
