Towards a Formal Approach to Analysing Security of Safety-Critical Systems

As safety-critical control systems become increasingly interconnected, there is a clear need for techniques that enable an integrated analysis of safety and security requirements. In this paper, we propose an integrated approach to systematically deriving and formalising safety and security requirements. To facilitate requirements elicitation, we propose to adapt and integrate traditional safety and security analysis techniques. To formally specify and verify the requirements, we rely on the Event-B framework. By relying on refinement and proofs, the framework allows us to specify and verify system behaviour in the presence of both accidental faults and security attacks, and to analyse the mutual interdependencies between safety and security requirements.
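To make the abstract's claim concrete, the following Event-B machine is an added illustration written for this page; it is not a model from the paper and the machine, variable and event names (PumpController, trusted, SensorFault, SpoofedReading) are assumptions. It models a pump controller that accepts sensor readings, and it represents an accidental fault (the sensor fails) and a security attack (a sensor message that fails its integrity check) as separate events. The safety requirement is the invariant inv4: the pump must be off whenever the sensor reading is not trusted. Each event must be proven to preserve inv4, so the integrity check (a security requirement) becomes a proof obligation of the safety invariant.

```eventb
CONTEXT PumpContext
SETS
  PUMP_STATE
CONSTANTS
  ON OFF
AXIOMS
  axm1: partition(PUMP_STATE, {ON}, {OFF})
END

MACHINE PumpController
SEES PumpContext
VARIABLES
  reading   // last accepted sensor value (assumed range 0..100)
  trusted   // TRUE iff the sensor is not flagged faulty and the last message passed its integrity check
  pump
INVARIANTS
  inv1: reading ∈ 0 ‥ 100
  inv2: trusted ∈ BOOL
  inv3: pump ∈ PUMP_STATE
  inv4: trusted = FALSE ⇒ pump = OFF   // safety requirement: never actuate on untrusted data
EVENTS
  INITIALISATION
    THEN
      reading ≔ 0 ∥ trusted ≔ TRUE ∥ pump ≔ OFF
    END

  Sense   // nominal behaviour: an authenticated reading is accepted
    ANY v WHERE
      grd1: v ∈ 0 ‥ 100
      grd2: trusted = TRUE
    THEN
      reading ≔ v
    END

  SensorFault   // accidental fault: the sensor is diagnosed as failed
    WHEN
      grd1: trusted = TRUE
    THEN
      trusted ≔ FALSE ∥ pump ≔ OFF   // fail-safe reaction keeps inv4
    END

  SpoofedReading   // security attack: a sensor message fails the integrity check
    WHEN
      grd1: trusted = TRUE
    THEN
      trusted ≔ FALSE ∥ pump ≔ OFF   // same reaction: the reading is not used
    END

  Control   // actuation is allowed only on trusted data
    WHEN
      grd1: trusted = TRUE
      grd2: reading < 20
    THEN
      pump ≔ ON
    END

  Stop
    WHEN
      grd1: reading ≥ 80
    THEN
      pump ≔ OFF
    END

  Recover   // sensor re-validated after diagnosis or re-synchronisation
    WHEN
      grd1: trusted = FALSE
    THEN
      trusted ≔ TRUE
    END
END
```

The interdependency the abstract refers to is visible in the proof obligations: Control/inv4/INV is discharged only because of the guard trusted = TRUE. If that guard were dropped (for instance, to keep controlling during a suspected attack), the obligation would no longer be provable, which exposes the conflict between availability and the fail-safe requirement at the level of the formal model rather than in testing. Further refinements could then introduce the concrete integrity check behind the SpoofedReading event and the redundancy behind Recover, each with its own obligations to preserve inv4.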
