A methodology for assuring the safety and security of critical infrastructure based on STPA and Event-B
Abstract
Cyber-physical systems challenge conventional safety and security analysis techniques because of their complexity and because safety and security must be considered on an equal footing. It is equally important that the requirements generated to mitigate safety and security risks are clear and adequately address the underlying issue. This paper presents a methodology for the integrated safety and security analysis of cyber-physical systems, particularly in a critical infrastructure context. The methodology uses a modified form of STPA, coupled with our concept of adversarial modelling, to identify safety and security hazards, which are then mitigated by the creation of critical requirements. These critical requirements are validated by applying them to an Event-B formal model, which allows their completeness to be verified. The output of the methodology is a set of critical requirements that guide the iteration and improvement of the system design so that its safety and security are maintained.
Keywords:
system theoretic process analysis, STPA, hazard analysis, Event-B, safety analysis, security analysis, critical infrastructure, cyber-physical systems, adversarial modelling, critical systems
56-75
Howard, Giles
Butler, Michael
Colley, John
Sassone, Vladimiro
19 March 2019
Howard, Giles, Butler, Michael, Colley, John and Sassone, Vladimiro (2019) A methodology for assuring the safety and security of critical infrastructure based on STPA and Event-B. International Journal of Critical Computer-Based Systems. (doi:10.1504/IJCCBS.2019.098815).
Record type:
Special issue
Text
- Accepted Manuscript
More information
Submitted date: 16 January 2018
Accepted/In Press date: 13 December 2018
Published date: 19 March 2019
Identifiers
Local EPrints ID: 429899
URI: http://eprints.soton.ac.uk/id/eprint/429899
PURE UUID: 21bd7de7-1cf8-4d2f-8b74-b51fa4f31e27
Catalogue record
Date deposited: 08 Apr 2019 16:30
Last modified: 10 Sep 2024 01:40