Skip to main content
SpringerLink
Log in

Systems-Theoretic Likelihood and Severity Analysis for Safety and Security Co-engineering

  • Conference paper
  • First Online:
Book cover Reliability, Safety, and Security of Railway Systems. Modelling, Analysis, Verification, and Certification (RSSRail 2017)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 10598))

Abstract

A number of methodologies and techniques have been proposed to integrate safety and security in risk assessment, but there is an ideological divide between component-centric and systems-theoretic approaches. In this paper, we propose a new hybrid method for Systems-Theoretic Likelihood and Severity Analysis (STLSA), which combines desirable characteristics from both schools of thought. Specifically, STLSA focuses on functional control actions in the system, including humans-in-the-loop, but incorporates semi-quantitative risk assessment based on existing industry practice. We demonstrate this new approach using the case study of train braking control.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. IEC 60812: Analysis techniques for system reliability ? procedure for failure mode and effects analysis (FMEA)

    Google Scholar 

  2. First mrt accident (2004). http://eresources.nlb.gov.sg/infopedia/articles/SIP_814_2004-12-31.html

  3. BS EN 50126–1. Railway applications-The Specification and Demonstration Reliability, Availability, Maintainability and Safety (RAMS). Part 1: Basic Requirements and Generic Process (2015)

    Google Scholar 

  4. Chockalingam, S., Hadziosmanovic, D., Pieters, W., Teixeira, A., van Gelder, P.: Integrated safety and security risk assessment methods: a survey of key characteristics and applications. In: CRITIS (2016)

    Google Scholar 

  5. Defence Science and Technology Agency blog. How we caught the circle line rogue train with data (2016). https://blog.data.gov.sg/how-we-caught-the-circle-linerogue-train-with-data-79405c86ab6a#.4fu3jqint

  6. Fovino, I.N., Masera, M., De Cian, A.: Integrating cyber attacks within fault trees. Reliab. Eng. Syst. Saf. 94(9), 1394–1402 (2009)

    Article  Google Scholar 

  7. Friedberg, I., McLaughlin, K., Smith, P., Laverty, D., Sezer, S.: STPA-SafeSec: safety and security analysis for cyber-physical systems. J. Inf. Secur. Appl. 34, 183–196 (2016)

    Google Scholar 

  8. Henniger, O., Apvrille, L., Fuchs, A., Roudier, Y., Ruddle, A., Weyl, B.: Security requirements for automotive on-board networks. In: 2009 9th International Conference on Intelligent Transport Systems Telecommunications, (ITST), pp. 641–646. IEEE (2009)

    Google Scholar 

  9. Kriaa, S., Pietre-Cambacedes, L., Bouissou, M., Halgand, Y.: A survey of approaches combining safety and security for industrial control systems. Reliab. Eng. Syst. Saf. 139, 156–178 (2015)

    Article  Google Scholar 

  10. Macher, G., Höller, A., Sporer, H., Armengaud, E., Kreiner, C.: A combined safety-hazards and security-threat analysis method for automotive systems. In: Koornneef, F., Gulijk, C. (eds.) SAFECOMP 2015. LNCS, vol. 9338, pp. 237–250. Springer, Cham (2015). doi:10.1007/978-3-319-24249-1_21

    Chapter  Google Scholar 

  11. Massacci, F., Paci, F.: How to select a security requirements method? a comparative study with students and practitioners. In: Jøsang, A., Carlsson, B. (eds.) NordSec 2012. LNCS, vol. 7617, pp. 89–104. Springer, Heidelberg (2012). doi:10.1007/978-3-642-34210-3_7

    Chapter  Google Scholar 

  12. Piètre-Cambacédès, L., Bouissou, M.: Cross-fertilization between safety and security engineering. Reliab. Eng. Syst. Saf. 110, 110–126 (2013)

    Article  Google Scholar 

  13. Raspotnig, C., Karpati, P., Katta, V.: A combined process for elicitation and analysis of safety and security requirements. In: Bider, I., Halpin, T., Krogstie, J., Nurcan, S., Proper, E., Schmidt, R., Soffer, P., Wrycza, S. (eds.) BPMDS/EMMSAD -2012. LNBIP, vol. 113, pp. 347–361. Springer, Heidelberg (2012). doi:10.1007/978-3-642-31072-0_24

    Chapter  Google Scholar 

  14. Raspotnig, C., Karpati, P., Katta, V.: A combined process for elicitation and analysis of safety and security requirements. In: Bider, I., Halpin, T., Krogstie, J., Nurcan, S., Proper, E., Schmidt, R., Soffer, P., Wrycza, S. (eds.) BPMDS/EMMSAD - 2012. LNBIP, vol. 113, pp. 347–361. Springer, Heidelberg (2012). doi:10.1007/978-3-642-31072-0_24

    Chapter  Google Scholar 

  15. Schmittner, C., Gruber, T., Puschner, P., Schoitsch, E.: Security application of failure mode and effect analysis (FMEA). In: Bondavalli, A., Di Giandomenico, F. (eds.) SAFECOMP 2014. LNCS, vol. 8666, pp. 310–325. Springer, Cham (2014). doi:10.1007/978-3-319-10506-2_21

    Google Scholar 

  16. Schmittner, C., Ma, Z., Puschner, P.: Limitation and improvement of STPA-sec for safety and security co-analysis. In: Skavhaug, A., Guiochet, J., Schoitsch, E., Bitsch, F. (eds.) SAFECOMP 2016. LNCS, vol. 9923, pp. 195–209. Springer, Cham (2016). doi:10.1007/978-3-319-45480-1_16

    Chapter  Google Scholar 

  17. Schmittner, C., Ma, Z., Schoitsch, E., Gruber, T.: A case study of fmvea and chassis as safety and security co-analysis method for automotive cyber-physical systems. In: ACM Workshop on Cyber-Physical System Security, pp. 69–80. ACM (2015)

    Google Scholar 

  18. Schmittner, C., Ma, Z., Smith, P.: FMVEA for safety and security analysis of intelligent and cooperative vehicles. In: Bondavalli, A., Ceccarelli, A., Ortmeier, F. (eds.) SAFECOMP 2014. LNCS, vol. 8696, pp. 282–288. Springer, Cham (2014). doi:10.1007/978-3-319-10557-4_31

    Google Scholar 

  19. Shostack, A., Lambert, S., Ostwald, T., Hernan, S.: Uncover security design flaws using the STRIDE approach. MSDN Mag., November 2006. https://msdn.microsoft.com/magazine/msdn-magazine-issues

  20. Temple, W.G., Wu, Y., Chen, B., Kalbarczyk, Z.: Reconciling systems-theoretic and component-centric methods for safety and security co-analysis. In: Tonetta, S., Schoitsch, E., Bitsch, F. (eds.) SAFECOMP 2017. LNCS, vol. 10489, pp. 87–93. Springer, Cham (2017). doi:10.1007/978-3-319-66284-8_9

    Chapter  Google Scholar 

  21. The Straits Times. Oil spillage led to mrt train collision, Panel (1993). http://eresources.nlb.gov.sg/newspapers/Digitised/Article/straitstimes19931020-1.2.2

  22. The Straits Times. Train’s faulty signals behind circle line woes (2016). http://www.straitstimes.com/singapore/transport/trains-faulty-signals-behindcircle-line-woes

  23. Young, W., Leveson, N.: Systems thinking for safety and security. In: ACSAC, pp. 1–8. ACM (2013)

    Google Scholar 

Download references

Acknowledgements

This work was supported in part by the National Research Foundation (NRF), Prime Minister’s Office, Singapore, under its National Cybersecurity R&D Programme (Award No. NRF2014NCR-NCR001-31) and administered by the National Cybersecurity R&D Directorate. It was also supported in part by the research grant for the Human-Centered Cyber-physical Systems Programme at the Advanced Digital Sciences Center from Singapore’s Agency for Science, Technology and Research (A*STAR).

Author information

Authors and Affiliations

  1. Advanced Digital Sciences Center, Illinois at Singapore, Singapore, Singapore

    William G. Temple, Yue Wu & Binbin Chen

  2. University of Illinois at Urbana-Champaign, Champaign, IL, USA

    Zbigniew Kalbarczyk

Authors
  1. William G. Temple
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yue Wu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Binbin Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Zbigniew Kalbarczyk
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to William G. Temple .

Editor information

Editors and Affiliations

  1. Università di Firenze, Florence, Italy

    Alessandro Fantechi

  2. ClearSy, Aix-en-Provence, France

    Thierry Lecomte

  3. Newcastle University, Newcastle upon Tyne, United Kingdom

    Alexander Romanovsky

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Temple, W.G., Wu, Y., Chen, B., Kalbarczyk, Z. (2017). Systems-Theoretic Likelihood and Severity Analysis for Safety and Security Co-engineering. In: Fantechi, A., Lecomte, T., Romanovsky, A. (eds) Reliability, Safety, and Security of Railway Systems. Modelling, Analysis, Verification, and Certification. RSSRail 2017. Lecture Notes in Computer Science(), vol 10598. Springer, Cham. https://doi.org/10.1007/978-3-319-68499-4_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-68499-4_4

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-68498-7

  • Online ISBN: 978-3-319-68499-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation