Towards Combined Safety and Security Constraints Analysis
Author affiliations
  • Instituto Tecnológico de Aeronáutica, São José dos Campos, Brazil.
  • Instituto Tecnológico de Aeronáutica, São José dos Campos, Brazil.
  • Instituto Tecnológico de Aeronáutica, São José dos Campos, Brazil.
  • Linköping University, Department of Computer and Information Science, Software and Systems; Linköping University, Faculty of Science & Engineering (RTSLAB). ORCID iD: 0000-0002-1485-0802
2017 (English). In: Proceedings of the 5th International Workshop on Assurance Cases for Software-Intensive Systems (SAFECOMP workshops) / [ed] Stefano Tonetta, Erwin Schoitsch, Springer, 2017, Vol. 10489, p. 70-80. Conference paper, Published paper (Refereed)
Abstract [en]

A growing threat to the cyber-security of embedded safety-critical systems calls for a new look at the development methods for such systems. One alternative for addressing security and safety concerns jointly is to adopt the modeling perspective of systems theory. Systems-Theoretic Process Analysis (STPA) is a new hazard analysis technique based on an accident causality model. NIST SP 800-30 is a well-known framework that has been widely employed to aid in identifying threat events and sources and vulnerabilities, determining the effectiveness of security controls, and evaluating the adverse impact of risks. Safety and security analyses, when performed independently, may generate conflicting design constraints that result in an inconsistent design. This paper reports a novel integrated approach to the safety analysis and security analysis of systems. In our approach, safety analysis is conducted with STPA while security analysis employs NIST SP 800-30. It builds on a specification of security and safety constraints and outlines a scheme to automatically analyze and detect conflicts between, and pairwise reinforcements of, the various constraints. Preliminary results show that the approach allows security and safety teams to perform a more efficient analysis.

Place, publisher, year, edition, pages
Springer, 2017. Vol. 10489, p. 70-80
Series
Lecture Notes in Computer Science, ISSN 1611-3349
Keywords [en]
Safety Analysis, Security Analysis, STPA, NIST SP800-30
National Category
Computer Systems
Identifiers
URN: urn:nbn:se:liu:diva-141781
DOI: 10.1007/978-3-319-66284-8_7
Scopus ID: 2-s2.0-85029470017
OAI: oai:DiVA.org:liu-141781
DiVA, id: diva2:1147456
Conference
ASSURE 2017: 5th International Workshop on Assurance Cases for Software-intensive Systems, Trento, Italy, September 12, 2017
Projects
RICS, NFFP6
Available from: 2017-10-05. Created: 2017-10-05. Last updated: 2018-08-14. Bibliographically approved.

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full text; Scopus

Authority records

Nadjm-Tehrani, Simin
