Combined safety and security development lifecycle

The evolution of cyber-physical systems and their often critical roles in many application domains such as automotive, aeronautics, energy, and railway make it necessary to address safety and security issues equally throughout the entire system lifecycle. In the past, safety and security development has mostly been performed independently. With increasing complexity and connectivity, this separation is no longer justifiable. This paper proposes a combined safety and security development lifecycle. We review existing standards in order to identify the core safety and security activities. Based on the results, a combined lifecycle is introduced that integrates both safety and security considerations and activities in a coordinated way. Finally, the feasibility of the approach is demonstrated by case studies.
