Towards Combined Safety and Security Constraints Analysis
Abstract
A growing threat to the cyber-security of embedded safety-critical systems calls for a new look at the development methods for such systems. One alternative for addressing security and safety concerns jointly is to use the perspective of modeling based on system theory. Systems-Theoretic Process Analysis (STPA) is a new hazard analysis technique based on an accident causality model. NIST SP 800-30 is a well-known framework that has been widely employed to aid in identifying threat events and sources and vulnerabilities, determining the effectiveness of security controls, and evaluating the adverse impact of risks. Safety and security analyses, when performed independently, may generate conflicting design constraints that result in an inconsistent design. This paper reports a novel integrated approach to the safety analysis and security analysis of systems. In our approach, safety analysis is conducted with STPA while security analysis employs NIST SP 800-30. It builds on a specification of security and safety constraints and outlines a scheme to automatically analyze and detect conflicts between, and pairwise reinforcements of, the various constraints. Preliminary results show that the approach allows security and safety teams to perform a more efficient analysis.
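To make the pairwise conflict/reinforcement check concrete, the following is an added illustrative example and not the paper's own scheme or tool. It assumes a simple constraint model (a constraint names a controlled action, the condition under which it applies, and whether it requires or forbids that action); the constraint texts and identifiers are constructed for the example.

```python
from dataclasses import dataclass
from itertools import combinations

@dataclass(frozen=True)
class Constraint:
    """One safety (STPA) or security (NIST SP 800-30) constraint.

    Assumed model for this example: a constraint governs one controlled
    action under one condition and either requires or forbids it.
    """
    cid: str        # constructed identifier, e.g. "SC-1"
    origin: str     # "safety" or "security"
    action: str     # controlled action the constraint governs
    condition: str  # situation in which it applies; "any" matches everything
    polarity: str   # "require" or "forbid"

def conditions_overlap(a: str, b: str) -> bool:
    # "any" is treated as a wildcard; otherwise conditions must match exactly.
    return a == "any" or b == "any" or a == b

def relation(a: Constraint, b: Constraint):
    """Return "conflict", "reinforcement" or None for a pair of constraints."""
    if a.action != b.action or not conditions_overlap(a.condition, b.condition):
        return None  # the constraints do not talk about the same situation
    return "reinforcement" if a.polarity == b.polarity else "conflict"

def analyze(constraints):
    """Pairwise scan: list conflicting and mutually reinforcing constraint ids."""
    conflicts, reinforcements = [], []
    for a, b in combinations(constraints, 2):
        r = relation(a, b)
        if r == "conflict":
            conflicts.append((a.cid, b.cid))
        elif r == "reinforcement":
            reinforcements.append((a.cid, b.cid))
    return conflicts, reinforcements

# Constructed sample constraints for an embedded controller (not from the paper).
SAMPLE = [
    Constraint("SC-1", "safety", "accept remote stop command",
               "operator not authenticated", "require"),   # stop must always work
    Constraint("SC-2", "safety", "apply firmware update",
               "process running", "forbid"),
    Constraint("SEC-1", "security", "accept remote stop command",
               "operator not authenticated", "forbid"),    # needs authentication
    Constraint("SEC-2", "security", "apply firmware update",
               "process running", "forbid"),
    Constraint("SEC-3", "security", "log remote access attempt",
               "any", "require"),
]

if __name__ == "__main__":
    conflicts, reinforcements = analyze(SAMPLE)
    print("conflicts:", conflicts)             # [('SC-1', 'SEC-1')]
    print("reinforcements:", reinforcements)   # [('SC-2', 'SEC-2')]
```

The detected conflict (an emergency stop that safety wants honoured even from an unauthenticated operator, which security wants rejected) is exactly the kind of inconsistency the abstract says independent analyses can miss; the reinforcement shows a constraint both teams can satisfy with one design decision.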
Similar sources
SafSec: Commonalities Between Safety and Security Assurance
Many systems, particularly in the military domain, must be certified or accredited by both safety and security authorities. Current practice argues safety and security accreditations separately. A research project called SafSec has been investigating a combined approach to safety and security argumentation, and has shown that there can be practical benefits in performing a combined analysis and...
Heuristics for Safety and Security Constraints
The flow logic approach to static analysis amounts to specifying the admissibility of solutions to analysis problems; when specified using formulae in stratified alternation-free least fixed point logic, one may use efficient algorithms for computing the least admissible solutions. We extend this scenario to validate the fulfilment of safety and security constraints on admissible solutions; the ...
Evaluation of the relationship between the use of safety procedures and the rate of human error in Yazd Combined Cycle Power Plant
Introduction: About 60 to 90 percent of accidents in industry are caused by human error. This study aimed to assess the effectiveness of safety procedures in reducing human error among Yazd Combined Cycle Power Plant employees. Materials and Methods: The present study is a quasi-experimental intervention that was conducted to measure the human error of 121 employees of Yazd Combined...
Fighting Hunger Together: A Case of Women Farmers' Participation in Women Groups in Mwala Division, Kenya
Food security remains a major challenge for most rural households in Kenya, especially those in arid and semi-arid areas. Women play a crucial role as primary food producers and custodians of household food security. They however face many constraints in their endeavor to secure food for their households. Women lack access to extension education, land and credit, and these challenges are exacerb...
Evaluation of Safety Culture and the Effect of a Lean Safety Approach on the Improvement of Safety Culture (Case Study: Sarv Combined Cycle Power Plant [Chadormelo] of MAPNA Operation and Repair Company)
Introduction: Accidents in the workplace hurt people and sometimes cause death. One of the ways to prevent occupational accidents is to change people's behavior and attitude towards safety. The present study was conducted to investigate the effect of the lean approach on the promotion of safety culture in the Sarv combined cycle power plant operated by MAPNA. Materials and Methods: In thi...