DOI: 10.1145/3613372.3613373
research-article

Toward a Method for Safety and Security Requirements Alignment in Critical IoT Systems

Published: 25 September 2023

Abstract

The complexity of critical IoT systems demands the joint treatment of safety and security requirements from the early system life cycle stages. Dealing with multiple (and sometimes conflicting) relationships between such requirements has been a great research need. We present a preliminary version of a method for the alignment of safety and security requirements for critical IoT systems based on the System Theoretic Process Analysis (STPA) technique. A simple use case of our method shows how those requirements are handled during the conception and elicitation phases. When fully defined, our method will help analysts handle safety and security as first-class concerns from conception to specification of critical IoT systems, including requirements dependencies and conflicts.

Cited By

  • (2024) Linking Agile Planning and Safety and Security Analysis in Critical IoT Systems: An Approach based on ISO/IEC/IEEE 15288. Proceedings of the XXIII Brazilian Symposium on Software Quality, 81-91. DOI: 10.1145/3701625.3701648. Online publication date: 5-Nov-2024

Published In

ACM Other conferences
SBES '23: Proceedings of the XXXVII Brazilian Symposium on Software Engineering
September 2023
570 pages
ISBN: 9798400707872
DOI: 10.1145/3613372

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. IoT
  2. critical
  3. requirements
  4. safety
  5. security
  6. system
  7. traceability

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Funding Sources

  • Coordenação de Aperfeiçoamento de Pessoal de Nível Superior - Brasil (CAPES)

Conference

SBES 2023
SBES 2023: XXXVII Brazilian Symposium on Software Engineering
September 25 - 29, 2023
Campo Grande, Brazil

Acceptance Rates

Overall Acceptance Rate 147 of 427 submissions, 34%

Article Metrics

  • Downloads (last 12 months): 25
  • Downloads (last 6 weeks): 3

Reflects downloads up to 05 Mar 2025.
