Skip to main content
SpringerLink
Log in

Deriving and Formalising Safety and Security Requirements for Control Systems

  • Conference paper
  • First Online:
Computer Safety, Reliability, and Security (SAFECOMP 2018)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 11093))

Included in the following conference series:

Abstract

Safety-critical control systems become increasingly open and interconnected. However, there is still a lack of the techniques that enable an integrated analysis of safety and security requirements. In this paper, we propose an approach that allows the designers to derive and formalise safety and security requirements in a structured systematic way. To elicit both types of the requirements, we adapt and integrate traditional safety and security analysis techniques. To formally specify and verify them, we rely on Event-B framework. The framework allows us to develop a complex specification of system behaviour in presence of both accidental faults and security attacks and analyse mutual interdependencies between safety and security requirements.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Abrial, J.R.: Modeling in Event-B. Cambridge University Press, New York (2010)

    Book  Google Scholar 

  2. Brunel, J., Rioux, L., Paul, S., Faucogney, A., Vallée, F.: Formal safety and security assessment of an avionic architecture with alloy. In: ESSS 2014, pp. 8–19 (2014)

    Google Scholar 

  3. Bruza, P., van der Weide, T.P.: The Semantics of Data Flow Diagrams. Technical report 89-16, University of Nijmegen, The Netherlands (1989)

    Google Scholar 

  4. Bytschkow, D., Quilbeuf, J., Igna, G., Ruess, H.: Distributed MILS architectural approach for secure smart grids. In: Cuellar, J. (ed.) SmartGridSec 2014. LNCS, vol. 8448, pp. 16–29. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-10329-7_2

    Chapter  Google Scholar 

  5. Cimatti, A., DeLong, R., Marcantonio, D., Tonetta, S.: Combining MILS with contract-based design for safety and security requirements. In: Koornneef, F., van Gulijk, C. (eds.) SAFECOMP 2015. LNCS, vol. 9338, pp. 264–276. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-24249-1_23

    Chapter  Google Scholar 

  6. Fovino, I.N., Masera, M., Cian, A.D.: Integrating cyber attacks within fault trees. Rel. Eng. Sys. Saf. 94(9), 1394–1402 (2009)

    Article  Google Scholar 

  7. Iliasov, A., Romanovsky, A., Laibinis, L., Troubitsyna, E., Latvala, T.: Augmenting Event-B modelling with real-time verification. In: Proceedings of the FormSERA 2012, pp. 51–57. IEEE (2012)

    Google Scholar 

  8. Kriaa, S., Bouissou, M., Colin, F., Halgand, Y., Pietre-Cambacedes, L.: Safety and security interactions modeling using the bdmp formalism: case study of a pipeline. In: Bondavalli, A., Di Giandomenico, F. (eds.) SAFECOMP 2014. LNCS, vol. 8666, pp. 326–341. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-10506-2_22

    Chapter  Google Scholar 

  9. Laibinis, L., Troubitsyna, E.: Refinement of fault tolerant control systems in B. In: Heisel, M., Liggesmeyer, P., Wittmann, S. (eds.) SAFECOMP 2004. LNCS, vol. 3219, pp. 254–268. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30138-7_22

    Chapter  Google Scholar 

  10. Leveson, N.G.: Safeware: System Safety and Computers. Addison-Wesley, Boston (1995)

    Google Scholar 

  11. Lopatkin, I., Iliasov, A., Romanovsky, A., Prokhorova, Y., Troubitsyna, E.: Patterns for Representing FMEA in formal specification of control systems. In: HASE 2011, Boca Raton, FL, USA, pp. 146–151. IEEE Computer Society (2011)

    Google Scholar 

  12. Ministry of Defence: Interim Defence Standard 00–58/1: Hazop Studies on Systems Containing Programmable Electronics. In: Directorate of Standardization (1994)

    Google Scholar 

  13. Prokhorova, Y., Laibinis, L., Troubitsyna, E.: Facilitating construction of safety cases from formal models in Event-B. Inf. Softw. Technol. 60, 51–76 (2015)

    Article  Google Scholar 

  14. Rodin: Event-B platform. http://www.event-b.org/

  15. Schmittner, C., Gruber, T., Puschner, P., Schoitsch, E.: Security application of failure mode and effect analysis (FMEA). In: Bondavalli, A., Di Giandomenico, F. (eds.) SAFECOMP 2014. LNCS, vol. 8666, pp. 310–325. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-10506-2_21

    Chapter  Google Scholar 

  16. Schmittner, C., Ma, Z., Puschner, P.: Limitation and improvement of STPA-sec for safety and security co-analysis. In: Skavhaug, A., Guiochet, J., Schoitsch, E., Bitsch, F. (eds.) SAFECOMP 2016. LNCS, vol. 9923, pp. 195–209. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45480-1_16

    Chapter  Google Scholar 

  17. Sere, K., Troubitsyna, E.: Safety analysis in formal specication. In: Wing, J.M., Woodcock, J., Davies, J. (eds.) FM 1999. LNCS, vol. 1709, pp. 1564–1583. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48118-4_33

    Chapter  Google Scholar 

  18. Tarasyuk, A., Pereverzeva, I., Troubitsyna, E., Latvala, T., Nummila, L.: Formal development and assessment of a reconfigurable on-board satellite system. In: Ortmeier, F., Daniel, P. (eds.) SAFECOMP 2012. LNCS, vol. 7612, pp. 210–222. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33678-2_18

    Chapter  Google Scholar 

  19. Tarasyuk, A., Troubitsyna, E., Laibinis, L.: Towards probabilistic modelling in Event-B. In: Méry, D., Merz, S. (eds.) IFM 2010. LNCS, vol. 6396, pp. 275–289. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-16265-7_20

    Chapter  Google Scholar 

  20. Tarasyuk, A., Troubitsyna, E., Laibinis, L.: Integrating stochastic reasoning into event-B development. Form. Asp. Comput. 27(1), 53–77 (2015)

    Article  MathSciNet  Google Scholar 

  21. Troubitsyna, E.: Stepwise Development of Dependable Systems. Technical report (2000)

    Google Scholar 

  22. Troubitsyna, E., Laibinis, L., Pereverzeva, I., Kuismin, T., Ilic, D., Latvala, T.: Towards security-explicit formal modelling of safety-critical systems. In: Skavhaug, A., Guiochet, J., Bitsch, F. (eds.) SAFECOMP 2016. LNCS, vol. 9922, pp. 213–225. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45477-1_17

    Chapter  Google Scholar 

  23. Vistbakka, I., Troubitsyna, E., Kuismin, T., Latvala, T.: Co-engineering safety and security in industrial control systems: a formal outlook. In: Romanovsky, A., Troubitsyna, E.A. (eds.) SERENE 2017. LNCS, vol. 10479, pp. 96–114. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-65948-0_7

    Chapter  Google Scholar 

  24. Winther, R., Johnsen, O.-A., Gran, B.A.: Security assessments of safety critical systems using HAZOPs. In: Voges, U. (ed.) SAFECOMP 2001. LNCS, vol. 2187, pp. 14–24. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45416-0_2

    Chapter  MATH  Google Scholar 

  25. Young, W., Leveson, N.G.: An integrated approach to safety and security based on systems theory. Commun. ACM 57(2), 31–35 (2014)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. KTH, Stockholm, Sweden

    Elena Troubitsyna

  2. Åbo Akademi University, Turku, Finland

    Elena Troubitsyna & Inna Vistbakka

Authors
  1. Elena Troubitsyna
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Inna Vistbakka
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Inna Vistbakka .

Editor information

Editors and Affiliations

  1. Mälardalen University, Västerås, Sweden

    Barbara Gallina

  2. Norwegian University of Science and Technology, Trondheim, Norway

    Amund Skavhaug

  3. Thales Deutschland GmbH, Ditzingen, Germany

    Friedemann Bitsch

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Troubitsyna, E., Vistbakka, I. (2018). Deriving and Formalising Safety and Security Requirements for Control Systems. In: Gallina, B., Skavhaug, A., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2018. Lecture Notes in Computer Science(), vol 11093. Springer, Cham. https://doi.org/10.1007/978-3-319-99130-6_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-99130-6_8

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-99129-0

  • Online ISBN: 978-3-319-99130-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation