A Comparative Study of STPA-Extension and the UFoI-E Method for Safety and Security Co-analysis

Emerging challenges in cyber-physical systems (CPSs) have been encouraging the development of safety and security co-analysis methods. These methods aim to mitigate the new risks associated with the convergence of safety-related systemic flaws and security-related cyber-attacks, a convergence that has led to major losses in CPSs. Although several studies have reviewed existing safety and security co-analysis methods, only a few empirical studies have attempted to compare their strengths and limitations to guide risk analysis in practice. This paper bridges the gap between two novel safety and security co-analysis methods and their practical implementation by comparing a novel extension of the System-Theoretic Process Analysis (STPA-Extension) and the Uncontrolled Flows of Information and Energy (UFoI-E) method through a common case study. In our case study, the CPS under analysis is a conceptual autonomous ship. We conducted the comparative study as two independent teams so that the implementation of one method could not influence the other. Furthermore, we developed a comparative framework that evaluates the relative completeness of, and the effort required by, each analysis. Finally, we propose a tailored combination of these methods that exploits their unique strengths to achieve more complete and cost-effective risk analysis results.
