Combined Approach for Safety and Security

With the evolution of Cyber-Physical Systems, the dependences and conflicts among dependability attributes (safety, security, reliability, availability, etc.) have become increasingly complex. These attributes cannot be considered in isolation; combined approaches for safety, security and the other attributes are therefore required. In this document, we provide a matrix-based approach, inspired by the Analytic Network Process (ANP), for combined risk assessment of safety and security. The approach allows a combined risk assessment that accounts for dependence and conflict among attributes. The assessment results for the different dependability attributes (safety, security, etc.) are entered into the ANP matrix. We discuss approaches such as Fault Tree Analysis (FTA), Stochastic Colored Petri Net (SCPN) analysis, Attack Tree Analysis (ATA) and Failure Mode, Vulnerability and Effect Analysis (FMVEA) for evaluating the attributes of concern and achieving our goal of a combined assessment.
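The combined, dependence-aware assessment sketched above, worked as an added example that is not the paper's own matrix or method: a column-stochastic ANP-style supermatrix over the dependability attributes, its limit matrix (the interdependent weights), and the fold of constructed per-attribute results (an FTA-style safety score, an ATA-style security score) into one risk score. The matrix entries and assessment values are constructed assumptions.

```python
ATTRS = ["safety", "security", "availability"]

# Constructed supermatrix (assumption, not the paper's data): entry [i][j] is
# the normalised influence of attribute i on attribute j, so every column is a
# priority vector summing to 1. The "safety" column encodes that security
# weaknesses dominate safety risk, the dependence a combined assessment must keep.
SUPERMATRIX = [
    # safety  security  availability   <- column: attribute being influenced
    [0.20,    0.60,     0.50],  # row: influence of safety
    [0.60,    0.30,     0.30],  # row: influence of security
    [0.20,    0.10,     0.20],  # row: influence of availability
]

def is_column_stochastic(m, tol=1e-9):
    """ANP requires each column to be a priority vector summing to 1."""
    return all(abs(sum(row[j] for row in m) - 1.0) <= tol for j in range(len(m)))

def matmul(a, b):
    n = len(a)
    return [[sum(a[i][k] * b[k][j] for k in range(n)) for j in range(n)] for i in range(n)]

def limit_supermatrix(m, tol=1e-12, max_iter=100):
    """Square the supermatrix repeatedly until its powers stop changing.
    For a positive column-stochastic matrix the result has identical columns
    holding the interdependent priorities (the ANP limit matrix)."""
    if not is_column_stochastic(m):
        raise ValueError("supermatrix columns must each sum to 1")
    cur = [row[:] for row in m]
    for _ in range(max_iter):
        nxt = matmul(cur, cur)
        if max(abs(x - y) for r1, r2 in zip(nxt, cur) for x, y in zip(r1, r2)) < tol:
            return nxt
        cur = nxt
    raise RuntimeError("no convergence; check for cyclic or reducible structure")

def attribute_weights(m=SUPERMATRIX):
    """Interdependent attribute weights: any column of the limit matrix."""
    lim = limit_supermatrix(m)
    return {a: lim[i][0] for i, a in enumerate(ATTRS)}

def combined_risk(assessments, m=SUPERMATRIX):
    """Fold per-attribute results (each normalised to [0, 1], e.g. an FTA top-event
    probability for safety, an attack-tree likelihood for security) into one score."""
    w = attribute_weights(m)
    return sum(w[a] * assessments[a] for a in ATTRS)

if __name__ == "__main__":
    print(attribute_weights())  # security carries the largest weight here
    print(combined_risk({"safety": 0.3, "security": 0.7, "availability": 0.1}))
```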
