Towards Safety and Security Co-engineering

Challenging Aspects for a Consistent Intertwining
  • Gabriel PedrozaEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11552)


The emergence of systems identified as both safety and security critical has motivated research and industry to search for novel approaches to conduct multi-concern engineering (co-engineering). But several aspects and issues have arisen during the process what has limited the advances. Among them, there are the specificities found in concepts, methods and development cycles, the current standalone practices of safety and security, and the lack of consolidated metrics for safety-security assessment. This paper presents synthetic discussions on referred topics along with some suggestions for solutions and perspectives.


Safety Security Development cycle Co-engineering MDE Safety-security metrics 


  1. 1.
    SAE International : ARP4754A - Guidelines for Development of Civil Aircraft and Systems. SAE International (2010).
  2. 2.
    International Organization for Standardization: ISO 26262 - Road vehicles - Functional safety. ISO (2011).
  3. 3.
    International Organization for Standardization: ISO 27005 - Information technology - Security techniques - Information security risk management. ISO (2018).
  4. 4.
    Agence Nationale de la Sécurité des Systèmes d’Information: EBIOS - Expression des Besoins et Identification des Objectifs de Sécurité. ANSSI (2010).
  5. 5.
    European Organization for Civil Aviation Equipment: ED202 - Airworthiness Security Process Specification. EUROCAE (2014).
  6. 6.
    European Organization for Civil Aviation Equipment: ED203 - Airworthiness Security Methods and Considerations. EUROCAE (2018).
  7. 7.
    International Electrotechnical Commission: IEC 61508 - Functional safety of electrical/electronic/programmable electronic safety-related systems. IEC (2010).
  8. 8.
    Pedroza, G., Idrees, M.S., Apvrille, L., Roudier, Y.: A formal methodology applied to secure over-the-air automotive applications. In: Proceedings on Vehicular Technology Conference (VTC Fall), pp. 1–5. IEEE, San Francisco (2011)Google Scholar
  9. 9.
    Hamid, B., Gürgens, S., Fuchs, A.: Security patterns modeling and formalization for pattern-based development of secure software systems. J. Innov. Syst. Softw. Eng. 12(2), 109–140 (2016)CrossRefGoogle Scholar
  10. 10.
    Object Management Group: Unified Modeling Language Specification. OMG (2017).
  11. 11.
    Object Management Group: System Modeling Language Specification. OMG (2017).
  12. 12.
    Holm, H.: A large-scale study of the time required to compromise a computer system. In: IEEE Proceedings of Transactions on Dependable and Secure Computing, vol. 11, no. 1, pp. 2–15, January–February 2014Google Scholar
  13. 13.
    Fovino, I.N., Masera, M., De Cian, A.: Integrating cyber attacks within fault trees. Reliab. Eng. Syst. Saf. 94(9), 1394–1402 (2009). ScienceDirect, LNCS ElsevierCrossRefGoogle Scholar
  14. 14.
    Institut pour la Maîtrise des Risques: Experimentation of the new reliability prediction method FIDES. IMDR (2017).
  15. 15.
    U.S. Senate-Committee on Commerce, Science, and Transportation: A “Kill Chain” Analysis of the 2013 Target Data Breach-March 26 2013. USA (2014).
  16. 16.
    Object Management Group (2019).
  17. 17.
    The Eclipse Foundation: Papyrus (2019).

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.CEA, LISTGif-sur-YvetteFrance

Personalised recommendations