The University of Southampton
University of Southampton Institutional Repository

A methodology for assuring the safety and security of critical infrastructure based on STPA and Event-B

A methodology for assuring the safety and security of critical infrastructure based on STPA and Event-B
A methodology for assuring the safety and security of critical infrastructure based on STPA and Event-B
Cyber-physical systems represent a challenge to conventional security and safety analysis techniques due to their complexity and the need to consider both safety and security equally. It is also important that the requirements generated to mitigate against safety and security risks are clear and adequately address the underlying issue. A methodology is presented in this paper to allow for integrated safety and security analysis of cyber-physical systems, particularly in a critical infrastructure context. This methodology uses a modified form of STPA, which has been coupled with our concept of adversarial modelling, to analyse for security and safety hazards which are then mitigated against by the creation of critical requirements. These critical requirements are then validated through their application to an Event-B formal model, allowing for their completeness to be verified. The output of the methodology is a set of critical requirements that guide iteration of and improvements to the system design to ensure its safety and security are maintained.
system theoretic process analysis, STPA, hazard analysis, Event-B, safety analysis, security analysis, critical infrastructure, cyber-physical systems, adversarial modelling, critical systems
56-75
Howard, Giles
8be3e4df-abc3-4277-ad00-918d4089b8c1
Butler, Michael
54b9c2c7-2574-438e-9a36-6842a3d53ed0
Colley, John
d2877837-a2f2-4f84-b3f3-3ffe79ffeb87
Sassone, Vladimiro
df7d3c83-2aa0-4571-be94-9473b07b03e7
Howard, Giles
8be3e4df-abc3-4277-ad00-918d4089b8c1
Butler, Michael
54b9c2c7-2574-438e-9a36-6842a3d53ed0
Colley, John
d2877837-a2f2-4f84-b3f3-3ffe79ffeb87
Sassone, Vladimiro
df7d3c83-2aa0-4571-be94-9473b07b03e7

Howard, Giles, Butler, Michael, Colley, John and Sassone, Vladimiro (2019) A methodology for assuring the safety and security of critical infrastructure based on STPA and Event-B. International Journal of Critical Computer-Based Systems, 56-75. (doi:10.1504/IJCCBS.2019.098815).

Record type: Special issue

Abstract

Cyber-physical systems represent a challenge to conventional security and safety analysis techniques due to their complexity and the need to consider both safety and security equally. It is also important that the requirements generated to mitigate against safety and security risks are clear and adequately address the underlying issue. A methodology is presented in this paper to allow for integrated safety and security analysis of cyber-physical systems, particularly in a critical infrastructure context. This methodology uses a modified form of STPA, which has been coupled with our concept of adversarial modelling, to analyse for security and safety hazards which are then mitigated against by the creation of critical requirements. These critical requirements are then validated through their application to an Event-B formal model, allowing for their completeness to be verified. The output of the methodology is a set of critical requirements that guide iteration of and improvements to the system design to ensure its safety and security are maintained.

Text
1105276389410001000 - Accepted Manuscript
Download (242kB)

More information

Submitted date: 16 January 2018
Accepted/In Press date: 13 December 2018
Published date: 19 March 2019
Keywords: system theoretic process analysis, STPA, hazard analysis, Event-B, safety analysis, security analysis, critical infrastructure, cyber-physical systems, adversarial modelling, critical systems

Identifiers

Local EPrints ID: 429899
URI: https://eprints.soton.ac.uk/id/eprint/429899
PURE UUID: 21bd7de7-1cf8-4d2f-8b74-b51fa4f31e27
ORCID for Giles Howard: ORCID iD orcid.org/0000-0002-6879-8544
ORCID for Michael Butler: ORCID iD orcid.org/0000-0003-4642-5373

Catalogue record

Date deposited: 08 Apr 2019 16:30
Last modified: 20 Jul 2019 01:18

Export record

Altmetrics

Contributors

Author: Giles Howard ORCID iD
Author: Michael Butler ORCID iD
Author: John Colley
Author: Vladimiro Sassone

University divisions

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of https://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×