
Safety and Security Interactions Modeling Using the BDMP Formalism: Case Study of a Pipeline

Conference paper

Computer Safety, Reliability, and Security (SAFECOMP 2014)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 8666)

Abstract

The digitalization of industrial control systems (ICS) raises several security threats that can endanger the safety of the critical infrastructures supervised by such systems. This paper presents an analysis method that enables the identification and ranking of risks leading to a safety issue, regardless of the origin of those risks: accidental or due to malevolence. This method relies on a modeling formalism called BDMP (Boolean logic Driven Markov Processes) that was initially created for safety studies and then adapted to security. The use of the method is first illustrated on a simple case to show how it can support decisions in a situation where security requirements conflict with safety requirements. It is then applied to a realistic industrial system, a pipeline and its instrumentation and control system, in order to highlight possible interactions between safety and security.



Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Kriaa, S., Bouissou, M., Colin, F., Halgand, Y., Pietre-Cambacedes, L. (2014). Safety and Security Interactions Modeling Using the BDMP Formalism: Case Study of a Pipeline. In: Bondavalli, A., Di Giandomenico, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2014. Lecture Notes in Computer Science, vol 8666. Springer, Cham. https://doi.org/10.1007/978-3-319-10506-2_22


  • DOI: https://doi.org/10.1007/978-3-319-10506-2_22

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-10505-5

  • Online ISBN: 978-3-319-10506-2

  • eBook Packages: Computer Science (R0)