A STAMP-based ontology approach to support Safety and Security
ITA Instituto Tecnologico de Aeronautica, Sao Jose dos Campos, Brazil.
ITA Instituto Tecnologico de Aeronautica, Sao Jose dos Campos, Brazil. ORCID iD: 0000-0002-9746-7605
Linköping University, Department of Computer and Information Science, Software and Systems. Linköping University, Faculty of Science & Engineering. (Real-time Systems Laboratory) ORCID iD: 0000-0002-1485-0802
2019 (English). In: Journal of Information Security and Applications, ISSN 2214-2134, E-ISSN 2214-2126, Journal of Information Security and Applications Analyses, Vol. 47, p. 302-319. Article in journal (Refereed), Published
Abstract [en]

Considerations of safety and security in the early stage of the system life cycle are essential to collect and prioritize operational needs, determine the feasibility of the desired system, and identify technology gaps. Experts from many disciplines are needed to perform the safety and security analyses, ensuring that a system has the necessary attributes. Safety assessment is usually conducted in the concept stage. On the other hand, security assessment is usually performed in the design stage, when an initial architecture along with the logical and physical components are defined. Systems-Theoretic Process Analysis (STPA) is a new hazard analysis technique based on systems thinking and is built on top of a new accident causality model, the Systems-Theoretic Accident Model and Processes (STAMP), grounded in systems theory. STPA for Security (STPA-Sec) is an extension of STPA that proposes to include security concerns in the analysis. STPA-Sec helps identify some hazardous control actions, causal scenarios, and causal factors; however, no emphasis is placed on security threat scenarios. In this paper we propose an ontology-based technique that extends STPA-Sec to improve identification of causal scenarios and associated causal factors, specifically those related to security. We propose an approach that assists safety and security experts conducting safety and security analyses using STPA-Sec with a supporting ontology. First, we present an ontology representing the safety and security knowledge through the STPA-Sec process, and provide a tool that implements the proposed ontology. We then propose a process to capture safety and security knowledge in the proposed ontology to identify causal scenarios. We perform a preliminary evaluation of the ontology and the process using an aeronautic case study. The results show that the ontology-based approach helps systems engineers to identify more security scenarios compared to the case where they use only STPA-Sec. Furthermore, some hazardous control actions are not addressed if the systems engineer uses the basic STPA-Sec.

Place, publisher, year, edition, pages
Elsevier, 2019. Vol. 47, p. 302-319
National Category
Computer Systems
Identifiers
URN: urn:nbn:se:liu:diva-161754
DOI: 10.1016/j.jisa.2019.05.014
ISI: 000480387600032
Scopus ID: 2-s2.0-85066634864
OAI: oai:DiVA.org:liu-161754
DiVA, id: diva2:1368887
Available from: 2019-11-08. Created: 2019-11-08. Last updated: 2019-11-14. Bibliographically approved

By author/editor
Hirata, Celso; Nadjm-Tehrani, Simin