Goal-Oriented Co-Engineering of Security and Safety Requirements in Cyber-Physical Systems

  • Conference paper
Computer Safety, Reliability, and Security (SAFECOMP 2016)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 9923)

Abstract

Many safety-critical systems integrate more and more software-based components and are becoming increasingly connected. Such cyber-physical systems require high assurance of both safety and security, and also of how these two properties affect each other. This covers not only design-time aspects but also run-time: because cyber-security threats evolve constantly, it is necessary to consider how software updates can be performed without breaking any safety property. This paper proposes a method to co-engineer safety and security requirements based on sound techniques taken from goal-oriented requirements engineering. The approach is illustrated on a case study from the automotive domain. The case study illustrates the challenges for safety and security co-engineering created by the trend of growing connectivity and the evolution towards more autonomous vehicles in the transportation domain.



Correspondence to Christophe Ponsard.

Copyright information

© 2016 Springer International Publishing Switzerland

Cite this paper

Ponsard, C., Dallons, G., Massonet, P. (2016). Goal-Oriented Co-Engineering of Security and Safety Requirements in Cyber-Physical Systems. In: Skavhaug, A., Guiochet, J., Schoitsch, E., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2016. Lecture Notes in Computer Science, vol 9923. Springer, Cham. https://doi.org/10.1007/978-3-319-45480-1_27

  • DOI: https://doi.org/10.1007/978-3-319-45480-1_27

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-45479-5

  • Online ISBN: 978-3-319-45480-1
