University of Southampton Institutional Repository

A rigorous tool-supported methodology for assuring the security and safety of cyber-physical systems

University of Southampton
Howard, Giles
8be3e4df-abc3-4277-ad00-918d4089b8c1
Butler, Michael
54b9c2c7-2574-438e-9a36-6842a3d53ed0

Howard, Giles (2019) A rigorous tool-supported methodology for assuring the security and safety of cyber-physical systems. University of Southampton, Doctoral Thesis, 270pp.

Record type: Thesis (Doctoral)

Abstract

The increased usage of cyber-physical systems in a number of domains poses a unique challenge: how can one be assured of both the security and safety of these systems? While there are a large number of methodologies in the literature for performing security analysis or safety analysis, many of these are not specific to cyber-physical systems and the challenges these pose. Attempts at producing methodologies for security & safety co-analysis have equally met difficulties in terms of reconciling the different approaches and terminology often used by the separate domains. One solution involves the development of a systems theory-based model for understanding how safety, security & other emergent behaviours of systems can be framed and understood. Such an understanding can then be used in a systematic methodology for performing co-analysis in a structured and robust way. This thesis presents a methodology called Security-Enhanced Systems-Theoretic Process Analysis (SE-STPA), based on an underlying model known as Systems-Theoretic Accident & Attack Model and Processes (STAAMP), which combines safety and security analysis into one unified co-analysis method. It represents an evolution on existing work in safety by Leveson [90] and attempts to address several shortfalls of the existing approach in regards to security. SE-STPA is presented with two case studies that were utilised to evolve the methodology into a mature state. Finally, this thesis presents a discussion on future improvements that could be undertaken to develop the methodology further.

Full text: A rigorous tool-supported methodology for assuring the security and safety of cyber-physical systems - Version of Record (2MB). Available under License University of Southampton Thesis Licence.

More information

Published date: 28 December 2019

Identifiers

Local EPrints ID: 437677
URI: http://eprints.soton.ac.uk/id/eprint/437677
PURE UUID: a98bfdef-3586-44ff-9f09-5b9b649c2419
ORCID for Giles Howard: orcid.org/0000-0002-6879-8544
ORCID for Michael Butler: orcid.org/0000-0003-4642-5373

Catalogue record

Date deposited: 11 Feb 2020 17:30
Last modified: 12 Feb 2020 01:37
