Merging safety and cybersecurity analysis in product design
When developing cyber-physical systems such as automated vehicles, safety and cybersecurity analyses are often conducted separately. However, unlike in the IT world, safety hazards and cybersecurity threats converge in cyber-physical systems: a malicious party can exploit cyber-threats to create extremely hazardous situations, whether in autonomous vehicles or nuclear plants. The authors propose a framework for integrated system-level analysis of functional safety and cybersecurity. They present a generic model named Threat Identification and Refinement for Cyber-Physical Systems (TIRCPS), which extends Microsoft's six threat-modelling classes: Spoofing, Tampering, Repudiation, Information Disclosure, Denial-of-Service and Elevation of Privilege. TIRCPS offers three benefits when developing complex systems. First, it allows abstract threats to be refined into specific ones as physical design information becomes available. Second, it supports the construction of attack trees with traceability from high-level goals and hazardous events (HEs) to threats. Third, it formalises the definition of threats so that intelligent tools can be built to automatically detect most of a system's vulnerable components requiring protection. A case study on an automated-driving system illustrates the proposed approach; the resulting hierarchical attack tree, with cyber-threats traceable to high-level HEs, is used to design mitigation solutions.
Availability:
- Find a library where document is available. Order URL: http://worldcat.org/issn/1751956X
Supplemental Notes:
- Abstract reprinted with permission of the Institution of Engineering and Technology.
Authors:
- Suo, Dajiang
- Siegel, Joshua E
- Sarma, Sanjay E
- Publication Date: 2018-11
Language:
- English
Media Info:
- Media Type: Web
- Features: References
- Pagination: pp 1103-1109
Serial:
- IET Intelligent Transport Systems
- Volume: 12
- Issue Number: 9
- Publisher: Institution of Engineering and Technology (IET)
- ISSN: 1751-956X
- EISSN: 1751-9578
- Serial URL: https://ietresearch.onlinelibrary.wiley.com/journal/17519578
Publication flags:
- Open Access (libre)
Subject/Index Terms:
- TRT Terms: Automated vehicle control; Computer security; Design; Hazards; Intelligent vehicles; Product development
- Subject Areas: Design; Highways; Security and Emergencies; Vehicles and Equipment
Filing Info:
- Accession Number: 01683862
- Record Type: Publication
- Files: TRIS
- Created Date: Oct 22 2018 4:00PM