Abstract
Many safety-critical systems integrate more and more software-based components and are becoming increasingly connected. Such Cyber-Physical Systems require high assurance of both safety and security, and also of how these two properties affect each other. This covers not only design-time aspects but also run-time: because cyber-security threats evolve constantly, it is necessary to consider how to update the software without breaking any safety property. This paper proposes a method to co-engineer safety and security requirements based on sound techniques taken from goal-oriented requirements engineering. The approach is illustrated on a case study from the automotive domain. The case study illustrates the challenges to safety and security co-engineering created by the trend of growing connectivity and the evolution towards more autonomous vehicles in the transportation domain.
© 2016 Springer International Publishing Switzerland
Cite this paper
Ponsard, C., Dallons, G., Massonet, P. (2016). Goal-Oriented Co-Engineering of Security and Safety Requirements in Cyber-Physical Systems. In: Skavhaug, A., Guiochet, J., Schoitsch, E., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2016. Lecture Notes in Computer Science(), vol 9923. Springer, Cham. https://doi.org/10.1007/978-3-319-45480-1_27
DOI: https://doi.org/10.1007/978-3-319-45480-1_27
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-45479-5
Online ISBN: 978-3-319-45480-1