Merging safety and cybersecurity analysis in product design

Suo, Dajiang; Siegel, Joshua E.; Sarma, Sanjay E.

Author(s)

Suo, Dajiang; Siegel, Joshua E; Sarma, Sanjay E

DownloadTIRCPS.pdf (5.249Mb)

OPEN_ACCESS_POLICY

Terms of use

Creative Commons Attribution-Noncommercial-Share Alike http://creativecommons.org/licenses/by-nc-sa/4.0/

Metadata

Show full item record

Abstract

When developing cyber-physical systems such as automated vehicles, safety and cybersecurity analyses are often conducted separately. However, unlike in the IT world, safety hazards and cybersecurity threats converge in cyber-physical systems; a malicious party can exploit cyber-threats to create extremely hazardous situations, whether in autonomous vehicles or nuclear plants. We propose a framework for integrated system-level analyses for functional safety and cyber security. We present a generic model named Threat Identification and Refinement for Cyber-Physical Systems (TIRCPS) extending Microsoft’s six classes of threat modelling including Spoofing, Tampering, Repudiation, Information Disclosure, Denial-of-Service and Elevation Privilege (STRIDE). TIRCPS introduces three benefits for developing complex systems: first, it allows the refinement of abstract threats into specific ones as physical design information becomes available; Second, the approach provides support for constructing attack trees with traceability from high-level goals and hazardous events to threats. Third, TIRCPS formalizes the definition of threats such that intelligent tools can be built to automatically detect most of a system’s vulnerable components requiring protection. We present a case study on an automated-driving system to illustrate the proposed approach. The analysis results of a hierarchical attack tree with cyber threats traceable to highlevel hazardous events are used to design mitigation solutions.

Date issued

2018

URI

http://hdl.handle.net/1721.1/119161

Department

Massachusetts Institute of Technology. Department of Mechanical Engineering

Journal

IET Intelligent Transport Systems

Publisher

Institution of Electrical Engineers (IEE)

Citation

Suo, Dajiang, et al. “Merging Safety and Cybersecurity Analysis in Product Design.” IET Intelligent Transport Systems, vol. 12, no. 9, Nov. 2018, pp. 1103–09.

Version: Author's final manuscript

ISSN

1751-956X

1751-9578

Collections

MIT Open Access Articles

DSpace@MIT