Abstract
Approaches to the safety analysis of software-intensive systems are being adapted to also provide security assurance. Extensions have been proposed to reflect the specific nature of security analysis by introducing intention as a causal factor in reaching an unsafe state of the system, or by introducing new layers in the system model to capture its attack surface.
In this paper we propose to extend these approaches by modelling the attack perspective alongside the system. We explain how such modelling could be used to verify the coverage of the security analysis and facilitate its maintenance.
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Altawairqi, A., Maarek, M. (2017). Attack Modeling for System Security Analysis. In: Tonetta, S., Schoitsch, E., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2017. Lecture Notes in Computer Science, vol 10489. Springer, Cham. https://doi.org/10.1007/978-3-319-66284-8_8
DOI: https://doi.org/10.1007/978-3-319-66284-8_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-66283-1
Online ISBN: 978-3-319-66284-8
eBook Packages: Computer Science (R0)