liu.seSearch for publications in DiVA
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
A STAMP-based ontology approach to support safety and security analyses
ITA, Brazil.
ITA, Brazil.
Linköping University, Department of Computer and Information Science, Software and Systems. Linköping University, Faculty of Science & Engineering.ORCID iD: 0000-0002-1485-0802
2019 (English)In: Journal of Information Security and Applications, ISSN 2214-2134, E-ISSN 2214-2126, Vol. 47, p. 302-319Article in journal (Refereed) Published
Abstract [en]

Considerations of safety and security in the early stage of system life cycle are essential to collect and prioritize operation needs, determine feasibility of the desired system, and identify technology gaps. Experts from many disciplines are needed to perform the safety and security analyses, ensuring that a system has the necessary attributes. Safety assessment is usually conducted in the concept stage. On the order hand, security assessment is performed in design stage usually when an initial architecture along with the logical and physical components are defined. Systems-Theoretic Process Analysis (STPA) is a new hazard analysis technique based on systems thinking and is built on top of a new causality model of accident, which stands for Systems-Theoretic Accident Model and Processes (STAMP), grounded in systems theory. STPA for Security (STPA-Sec) is an extension of STPA that proposes to include security concerns into the analysis. STPA-Sec helps identifying some hazardous control actions, causal scenarios, and casual factors; however, no emphasis is placed on security threat scenarios. In this paper we propose an ontology-based technique that extends STPA-Sec to improve identification of causal scenarios and associated casual factors, specifically those related to security. We propose an approach that assists safety and security experts conducting safety and security analyses using STPA-Sec with a supporting ontology. First, we present an ontology representing the safety and security knowledge through STPA-Sec process, and provide a tool that implements the proposed ontology. We then propose a process to capture safety and security knowledge into the proposed ontology to identify causal scenarios. We perform a preliminary evaluation of the ontology and the process using an aeronautic case study. The results show that the ontology-based approach helps systems engineers to identify more security scenarios compared to the case where they use only STPA-Sec. Furthermore, some hazardous control actions are not addressed if the systems engineer uses the basic STPA-Sec. (C) 2019 Elsevier Ltd. All rights reserved.

Place, publisher, year, edition, pages
ELSEVIER , 2019. Vol. 47, p. 302-319
Keywords [en]
Safety assessment; Security assessment; Security ontology; STAMP/STPA-Sec
National Category
Computer Systems
Identifiers
URN: urn:nbn:se:liu:diva-160057DOI: 10.1016/j.jisa.2019.05.014ISI: 000480387600032OAI: oai:DiVA.org:liu-160057DiVA, id: diva2:1349024
Note

Funding Agencies|CNPq [403921/2016-3, 306186/2018-7]; CISB SAAB [04/2016]; national projects on aeronautics [NFFP7-04890]; research centre on Resilient Information and Control Systems

Available from: 2019-09-06 Created: 2019-09-06 Last updated: 2019-09-06

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full text

Search in DiVA

By author/editor
Nadjm-Tehrani, Simin
By organisation
Software and SystemsFaculty of Science & Engineering
In the same journal
Journal of Information Security and Applications
Computer Systems

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 2 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf