Abstract
In the design of critical systems, it is important to ensure a degree of formality so that we reason about safety and security at the early stages of analysis and design, rather than detecting problems later. Influenced by ideas from STPA, we present a hierarchical analysis process that aims to justify the design and flow-down of derived critical requirements arising from safety hazards and security vulnerabilities identified at the system level. At each level, we verify that the design achieves the safety/security requirements by backing the analysis with formal modelling and proof using Event-B refinement. The formal model helps to identify hazards/vulnerabilities arising from the design and how they relate to the safety accidents/security losses being considered at that level. We then re-apply the same process to each component of the design in a hierarchical manner. Thus we use ideas from STPA, backed by Event-B models, to drive the design, replacing the system-level requirements with component requirements. In doing so, we decompose critical requirements down to components, transforming them from abstract system-level requirements towards concrete solutions that we can implement correctly so that the hazards/vulnerabilities are eliminated.
Acknowledgements
This work is supported by the following projects:
– HiClass project (113213), which is part of the ATI Programme, a joint Government and industry investment to maintain and grow the UK's competitive position in civil aerospace design and manufacture.
– HD-Sec project, which was funded by the Digital Security by Design (DSbD) Programme delivered by UKRI to support the DSbD ecosystem.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this paper
Salehi Fathabadi, A., Snook, C., Dghaym, D., Hoang, T.S., Alotaibi, F., Butler, M. (2023). Designing Critical Systems Using Hierarchical STPA and Event-B. In: Glässer, U., Creissac Campos, J., Méry, D., Palanque, P. (eds) Rigorous State-Based Methods. ABZ 2023. Lecture Notes in Computer Science, vol 14010. Springer, Cham. https://doi.org/10.1007/978-3-031-33163-3_17
DOI: https://doi.org/10.1007/978-3-031-33163-3_17
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-33162-6
Online ISBN: 978-3-031-33163-3
eBook Packages: Computer Science, Computer Science (R0)