
The Marriage Between Safety and Cybersecurity: Still Practicing

  • Conference paper
  • Model Checking Software (SPIN 2021)

Abstract

Emerging technologies like self-driving cars, drones, and the Internet of Things must not pose threats to people, neither through accidental failures (safety) nor through malicious attacks (security). As historically separate fields, safety and security are often analyzed in isolation. They are, however, heavily intertwined: measures that increase safety often decrease security, and vice versa. Moreover, security vulnerabilities often cause safety hazards, e.g. in autonomous cars. Therefore, for effective decision-making, safety and security must be considered in combination.

This paper discusses three major challenges that a successful integration of safety and security faces: (1) the complex interaction between safety and security; (2) the lack of efficient algorithms to compute system-level risk metrics; (3) the lack of proper risk quantification methods. We point out several research directions to tackle these challenges, exploiting novel combinations of mathematical game theory, stochastic model checking, and the Bayesian, fuzzy, and Dempster-Shafer frameworks for uncertainty reasoning. Finally, we report on early results in these directions.

This work was partially funded by ERC Consolidator Grant 864075 (CAESAR).


Notes

  1. Since we require \(\vartriangle\) to be commutative, \(D\) is in fact a commutative semiring. Further, rings often include a neutral element for disjunction and an absorbing element for conjunction, but these are not needed in Definition 5.
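Challenge (2) of the abstract, computing system-level risk metrics, and the footnote's semiring-style attribute domain can be illustrated with a small attack-tree evaluator. The Python below is an added example for this page, not code from the paper or its authors. The attribute domain (V, ▽, △) with a commutative △ is an assumed shape, since Definition 5 is not reproduced here, and the tree, the step names and the cost/time values are constructed. The block evaluates the model bottom-up over two domains and then re-evaluates it via minimal attack sets, to show where the cheap bottom-up algorithm fails: when a basic attack step is shared by several parents (the model is a DAG rather than a tree) and the conjunction is not idempotent, the shared step is counted once per path.

```python
"""Bottom-up vs. attack-set evaluation of an attack tree over a semiring-style
attribute domain. Added illustration for this page, not the paper's code."""
from dataclasses import dataclass, field
from functools import reduce
from itertools import product
from typing import Callable, Dict, FrozenSet, List, Set


@dataclass(frozen=True)
class Domain:
    """Attribute domain (V, disj, conj): `disj` combines the children of an OR
    gate, `conj` those of an AND gate. Assumed shape, modelled on the footnote's
    commutative conjunction; Definition 5 itself is not on this page."""
    name: str
    disj: Callable[[object, object], object]
    conj: Callable[[object, object], object]


# Tropical (min, +): cheapest attack. Conjunction is NOT idempotent (x + x != x).
MIN_COST = Domain("min cost", min, lambda a, b: a + b)
# (min, max): fastest attack with parallel AND. Conjunction IS idempotent.
MIN_TIME = Domain("min time (parallel AND)", min, max)


@dataclass(eq=False)
class Node:
    name: str
    gate: str = "BAS"                      # "BAS" (basic attack step), "AND" or "OR"
    children: List["Node"] = field(default_factory=list)


def bottom_up(node: Node, dom: Domain, attr: Dict[str, float]):
    """Classic bottom-up evaluation. It walks every path to a leaf, so a leaf
    reachable through two parents contributes once per path."""
    if node.gate == "BAS":
        return attr[node.name]
    op = dom.conj if node.gate == "AND" else dom.disj
    return reduce(op, (bottom_up(c, dom, attr) for c in node.children))


def minimal_attack_sets(node: Node) -> Set[FrozenSet[str]]:
    """Minimal sets of basic attack steps that reach `node` (the DAG-aware view)."""
    if node.gate == "BAS":
        return {frozenset([node.name])}
    child_sets = [minimal_attack_sets(c) for c in node.children]
    if node.gate == "OR":
        sets = set().union(*child_sets)
    else:  # AND: pick one attack set per child and merge them
        sets = {frozenset().union(*combo) for combo in product(*child_sets)}
    return {s for s in sets if not any(t < s for t in sets)}


def via_attack_sets(node: Node, dom: Domain, attr: Dict[str, float]):
    """Exact for domains where `disj` selects the best attack set and `conj` is
    monotone (e.g. non-negative costs): every shared leaf is counted once per
    attack set. The enumeration is exponential in the worst case."""
    return reduce(
        dom.disj,
        (reduce(dom.conj, (attr[b] for b in sorted(s))) for s in minimal_attack_sets(node)),
    )


def build_example() -> Node:
    """Constructed model: stolen admin credentials compromise either server, so
    the leaf `steal_admin_creds` is shared by both OR gates under the AND."""
    creds = Node("steal_admin_creds")
    srv1 = Node("compromise_srv1", "OR", [Node("exploit_srv1"), creds])
    srv2 = Node("compromise_srv2", "OR", [Node("exploit_srv2"), creds])
    return Node("compromise_both", "AND", [srv1, srv2])


# Constructed attribute values (cost in arbitrary units, or time for MIN_TIME).
ATTR = {"steal_admin_creds": 30, "exploit_srv1": 50, "exploit_srv2": 40}


def compare(dom: Domain):
    """Return (bottom-up value, attack-set value) for the example under `dom`."""
    root = build_example()
    return bottom_up(root, dom, ATTR), via_attack_sets(root, dom, ATTR)


if __name__ == "__main__":
    for dom in (MIN_COST, MIN_TIME):
        naive, exact = compare(dom)
        print(f"{dom.name}: bottom-up={naive} attack-sets={exact}")
```

The (min, max) domain gives the same answer both ways because max is idempotent, so revisiting the shared leaf changes nothing. The (min, +) domain does not: bottom-up charges the credential theft twice and reports a more expensive cheapest attack than actually exists, which is the kind of error that makes DAG-shaped safety/security models need algorithms beyond naive bottom-up evaluation. The attack-set enumeration used here is exact but exponential, which is the efficiency gap the abstract refers to.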


Author information

Corresponding author: Marielle Stoelinga


Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Cite this paper

Stoelinga, M., Kolb, C., Nicoletti, S.M., Budde, C.E., Hahn, E.M. (2021). The Marriage Between Safety and Cybersecurity: Still Practicing. In: Laarman, A., Sokolova, A. (eds) Model Checking Software. SPIN 2021. Lecture Notes in Computer Science, vol 12864. Springer, Cham. https://doi.org/10.1007/978-3-030-84629-9_1


  • DOI: https://doi.org/10.1007/978-3-030-84629-9_1

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-84628-2

  • Online ISBN: 978-3-030-84629-9

  • eBook Packages: Computer Science (R0)
