Formal analysis of safety and security requirements of critical systems supported by an extended STPA methodology
Cyber-physical systems represent an engineering challenge due to their safety and security concerns, particularly those systems involved in critical infrastructure which require some of the highest standards of safety, availability, integrity and security. The complexity of these systems makes the identification and analysis of safety and security requirements challenging. In this paper, we present a methodology for identifying and formally analysing safety and security requirements, based on the STPA methodology and combined with modelling, traceability and formal verification through use of the Event-B formal method. Our STPA approach is then leveraged to generate ‘critical requirements’ to mitigate against undesirable system states, which are subsequently translated into constraints on an Event-B representation of the system. The Rodin toolset allows us to demonstrate that these critical requirements fully mitigate against the undesirable system states and therefore provide automated verification of the critical requirements.
Howard, Giles (8be3e4df-abc3-4277-ad00-918d4089b8c1)
Butler, Michael (54b9c2c7-2574-438e-9a36-6842a3d53ed0)
Colley, John (d2877837-a2f2-4f84-b3f3-3ffe79ffeb87)
Sassone, Vladimiro (df7d3c83-2aa0-4571-be94-9473b07b03e7)
Howard, Giles, Butler, Michael, Colley, John and Sassone, Vladimiro (2017) Formal analysis of safety and security requirements of critical systems supported by an extended STPA methodology. 2nd Workshop on Safety & Security aSSurance, Paris, France. 29 Apr 2017. 6 pp. (In Press) (doi:10.1109/EuroSPW.2017.68).
Record type: Conference or Workshop Item (Paper)
Text: s4cip_as_accepted.pdf (Accepted Manuscript)
More information
Accepted/In Press date: 23 January 2017
Venue - Dates: 2nd Workshop on Safety & Security aSSurance, Paris, France, 2017-04-29 - 2017-04-29
Organisations: Agents, Interactions & Complexity, Electronics & Computer Science, Electronic & Software Systems, Faculty of Physical Sciences and Engineering
Identifiers
Local EPrints ID: 406432
URI: http://eprints.soton.ac.uk/id/eprint/406432
PURE UUID: cd141b95-6cc0-475b-89d9-47e36107afa4
Catalogue record
Date deposited: 10 Mar 2017 10:47
Last modified: 10 Sep 2024 01:40