Merging safety and cybersecurity analysis in product design
Author(s): Suo, Dajiang; Siegel, Joshua E.; Sarma, Sanjay E.
When developing cyber-physical systems such as automated vehicles, safety and cybersecurity analyses are often conducted separately. However, unlike in the IT world, safety hazards and cybersecurity threats converge in cyber-physical systems: a malicious party can exploit cyber threats to create extremely hazardous situations, whether in autonomous vehicles or nuclear plants. We propose a framework for integrated system-level analysis of functional safety and cybersecurity. We present a generic model named Threat Identification and Refinement for Cyber-Physical Systems (TIRCPS), which extends Microsoft's STRIDE threat-modelling classes (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege). TIRCPS introduces three benefits for developing complex systems. First, it allows the refinement of abstract threats into specific ones as physical design information becomes available. Second, the approach supports constructing attack trees with traceability from high-level goals and hazardous events to threats. Third, TIRCPS formalizes the definition of threats such that intelligent tools can be built to automatically detect most of a system's vulnerable components requiring protection. We present a case study on an automated-driving system to illustrate the proposed approach. The resulting hierarchical attack tree, with cyber threats traceable to high-level hazardous events, is used to design mitigation solutions.
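As an added illustration of the three capabilities the abstract lists (refining an abstract threat once design detail exists, tracing leaf threats back to a hazardous event, and mechanically picking out the components that need protection), the Python below models a small hierarchical attack tree whose leaves are STRIDE-tagged threats against named components. This is example code written for this page, not the paper's TIRCPS formalization or tooling; the hazard, the tree shape, the threat names and the component names are constructed assumptions, and "minimal cut sets" is the standard attack-tree notion used here to rank components, not a term taken from the abstract.

```python
"""Attack tree with STRIDE-tagged leaves: hazard-to-threat traceability,
refinement of an abstract threat into concrete ones, and minimal cut sets
used to rank the components that need protection.
Constructed illustration; the tree, threats and component names are assumed."""
from dataclasses import dataclass, replace as dc_replace
from itertools import product
from typing import Dict, FrozenSet, Iterator, Set, Tuple, Union

STRIDE = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
          "I": "Information disclosure", "D": "Denial of service",
          "E": "Elevation of privilege"}


@dataclass(frozen=True)
class Threat:
    """Leaf: one threat, classified by STRIDE letter, against one component."""
    name: str
    category: str
    component: str

    def __post_init__(self) -> None:
        if self.category not in STRIDE:
            raise ValueError(f"unknown STRIDE category {self.category!r}")


@dataclass(frozen=True)
class Gate:
    """Internal node: a goal or hazardous event decomposed into sub-goals."""
    name: str
    op: str                          # "AND": all children needed; "OR": any one
    children: Tuple["Node", ...] = ()


Node = Union[Threat, Gate]


def cut_sets(node: Node) -> Set[FrozenSet[str]]:
    """Minimal sets of leaf threats whose joint realisation achieves `node`."""
    if isinstance(node, Threat):
        return {frozenset([node.name])}
    child_sets = [cut_sets(c) for c in node.children]
    if node.op == "OR":
        sets = set().union(*child_sets)
    elif node.op == "AND":   # one cut set per child, merged, for every combination
        sets = {frozenset().union(*combo) for combo in product(*child_sets)}
    else:
        raise ValueError(f"unknown gate op {node.op!r}")
    # keep only minimal sets: drop any set that strictly contains another
    return {s for s in sets if not any(t < s for t in sets)}


def trace(node: Node, path: Tuple[str, ...] = ()) -> Iterator[Tuple[Tuple[str, ...], Threat]]:
    """Yield (chain of gate names from the root, threat) for every leaf."""
    if isinstance(node, Threat):
        yield path, node
    else:
        for child in node.children:
            yield from trace(child, path + (node.name,))


def refine(node: Node, abstract_name: str, concrete: Node) -> Node:
    """Copy of the tree with the leaf named `abstract_name` replaced by
    `concrete`, typically an OR gate of the specific threats now known."""
    if isinstance(node, Threat):
        return concrete if node.name == abstract_name else node
    return dc_replace(node, children=tuple(refine(c, abstract_name, concrete)
                                           for c in node.children))


def rank_components(node: Node) -> Dict[str, int]:
    """Number of minimal cut sets each component takes part in; the higher the
    count, the more attack paths a mitigation on that component removes."""
    by_name = {t.name: t.component for _, t in trace(node)}
    counts: Dict[str, int] = {}
    for cs in cut_sets(node):
        for comp in {by_name[n] for n in cs}:
            counts[comp] = counts.get(comp, 0) + 1
    return dict(sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])))


# Constructed example tree for an automated-driving system (assumed, illustrative).
HAZARD = Gate("H1: ego vehicle fails to brake for obstacle ahead", "AND", (
    # Abstract threat: the entry point is unknown until the physical design exists.
    Threat("Gain remote foothold in vehicle network", "E", "external interface"),
    Gate("Defeat automatic emergency braking", "OR", (
        Gate("Blind obstacle perception", "OR", (
            Threat("Tamper camera ECU firmware to drop detections", "T", "camera ECU"),
            Threat("Tamper radar calibration via diagnostic session", "T", "forward radar"),
        )),
        Gate("Suppress brake command on the bus", "AND", (
            Threat("Flood CAN with high-priority frames", "D", "CAN bus"),
            Threat("Spoof gateway routing to the brake ECU", "S", "central gateway"),
        )),
    )),
))

# Once the external interfaces are fixed, the abstract foothold refines to concrete threats.
FOOTHOLD = Gate("Gain remote foothold in vehicle network", "OR", (
    Threat("Exploit cellular modem stack", "E", "telematics ECU"),
    Threat("Exploit Bluetooth stack", "E", "infotainment ECU"),
))
REFINED = refine(HAZARD, "Gain remote foothold in vehicle network", FOOTHOLD)

if __name__ == "__main__":
    for path, t in trace(REFINED):
        print(" > ".join(path), "->", f"[{t.category}] {t.name} ({t.component})")
    for cs in sorted(cut_sets(REFINED), key=sorted):
        print("cut set:", sorted(cs))
    print("components by cut-set count:", rank_components(REFINED))
```

Before refinement the tree has three minimal cut sets, all passing through the placeholder "external interface"; after refinement it has six, and the two refined entry points (telematics and infotainment ECUs) each sit in three of them, which is the kind of result that points a mitigation budget at the right component.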
Department: Massachusetts Institute of Technology. Department of Mechanical Engineering
Journal: IET Intelligent Transport Systems
Publisher: Institution of Engineering and Technology (IET)
Citation: Suo, Dajiang, et al. "Merging Safety and Cybersecurity Analysis in Product Design." IET Intelligent Transport Systems, vol. 12, no. 9, Nov. 2018, pp. 1103–09.
Version: Author's final manuscript