A Survey on the Applicability of Safety, Security and Privacy Standards in Developing Dependable Systems

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 11699)

Abstract

Safety-critical systems are required to comply with safety standards. These systems are increasingly digitized and networked to an extent where they also need to comply with security and privacy standards. This paper aims to provide insights into how practitioners apply the standards on safety, security or privacy (Sa/Se/Pr), as well as how they employ Sa/Se/Pr analysis methodologies and software tools to meet such criteria. To this end, we conducted a questionnaire-based survey among the participants of the EU project SECREDAS and obtained 21 responses. The results of our survey indicate that safety standards are widely applied by product and service providers, driven by the requirements from clients or regulators/authorities. When it comes to security standards, practitioners face a wider range of standards while few target specific industrial sectors. Some standards linking safety and security engineering are not widely used at the moment, or practitioners are not aware of this feature. For privacy engineering, the availability and usage of standards, analysis methodologies and software tools are relatively weaker than for safety and security, reflecting the fact that privacy engineering is an emerging concern for practitioners.

Notes

  1. The questionnaire can be found at: http://www.internetoftrust.com/wp-content/uploads/2019/06/Secredas_Questionnaire_Standards_public.pdf

Acknowledgements

This work was partly supported by the SECREDAS project with the JU Grant Agreement number 783119, and the partners' national funding authorities.

Corresponding author

Correspondence to Behrooz Sangchoolie.

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Shan, L., Sangchoolie, B., Folkesson, P., Vinter, J., Schoitsch, E., Loiseaux, C. (2019). A Survey on the Applicability of Safety, Security and Privacy Standards in Developing Dependable Systems. In: Romanovsky, A., Troubitsyna, E., Gashi, I., Schoitsch, E., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2019. Lecture Notes in Computer Science, vol 11699. Springer, Cham. https://doi.org/10.1007/978-3-030-26250-1_6

  • DOI: https://doi.org/10.1007/978-3-030-26250-1_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-26249-5

  • Online ISBN: 978-3-030-26250-1

  • eBook Packages: Computer Science (R0)
