Merging safety and cybersecurity analysis in product design

When developing cyber-physical systems such as automated vehicles, safety and cybersecurity analyses are often conducted separately. However, unlike in the IT world, safety hazards and cybersecurity threats converge in cyber-physical systems; a malicious party can exploit cyber-threats to create extremely hazardous situations, whether in autonomous vehicles or nuclear plants. The authors propose a framework for integrated system-level analyses for functional safety and cyber security. They present a generic model named Threat Identification and Refinement for Cyber-Physical Systems (TIRCPS) extending Microsoft's six classes of threat modelling including Spoofing, Tampering, Repudiation, Information Disclosure, Denial-of-Service and Elevation Privilege. TIRCPS introduces three benefits of developing complex systems: first, it allows the refinement of abstract threats into specific ones as physical design information becomes available. Second, the approach provides support for constructing attack trees with traceability from high-level goals and hazardous events (HEs) to threats. Third, TIRCPS formalises the definition of threats such that intelligent tools can be built to automatically detect most of a system's vulnerable components requiring protection. They present a case study on an automated-driving system to illustrate the proposed approach. The analysis results of a hierarchical attack tree with cyber-threats traceable to high-level HEs are used to design mitigation solutions.

• Record URL:
  https://doi.org/10.1049/iet-its.2018.5323
• Availability:
  • Find a library where document is available. Order URL: http://worldcat.org/issn/1751956X
• Supplemental Notes:
  • Abstract reprinted with permission of the Institution of Engineering and Technology.
• Authors:
  • Suo, Dajiang
  • Siegel, Joshua E
  • Sarma, Sanjay E
• Publication Date: 2018-11

Language

• English

Media Info

• Media Type: Web
• Features: References;
• Pagination: pp 1103-1109
• Serial:
  • IET Intelligent Transport Systems
  • Volume: 12
  • Issue Number: 9
  • Publisher: Institution of Engineering and Technology (IET)
  • ISSN: 1751-956X
  • EISSN: 1751-9578
  • Serial URL: https://ietresearch.onlinelibrary.wiley.com/journal/17519578
• Publication flags:

  Open Access (libre)

Subject/Index Terms

• TRT Terms: Automated vehicle control; Computer security; Design; Hazards; Intelligent vehicles; Product development
• Subject Areas: Design; Highways; Security and Emergencies; Vehicles and Equipment;

Filing Info

• Accession Number: 01683862
• Record Type: Publication
• Files: TRIS
• Created Date: Oct 22 2018 4:00PM