| dc.contributor.author | Suo, Dajiang | |
| dc.contributor.author | Siegel, Joshua E | |
| dc.contributor.author | Sarma, Sanjay E | |
| dc.date.accessioned | 2018-11-16T20:45:09Z | |
| dc.date.available | 2018-11-16T20:45:09Z | |
| dc.date.issued | 2018 | |
| dc.identifier.issn | 1751-956X | |
| dc.identifier.issn | 1751-9578 | |
| dc.identifier.uri | http://hdl.handle.net/1721.1/119161 | |
| dc.description.abstract | When developing cyber-physical systems such as automated vehicles, safety and cybersecurity analyses are often conducted separately. However, unlike in the IT world, safety hazards and cybersecurity threats converge in cyber-physical systems; a malicious party can exploit cyber-threats to create extremely hazardous situations, whether in autonomous vehicles or nuclear plants. We propose a framework for integrated system-level analyses for functional safety and cybersecurity. We present a generic model named Threat Identification and Refinement for Cyber-Physical Systems (TIRCPS) extending Microsoft's six classes of threat modelling, comprising Spoofing, Tampering, Repudiation, Information Disclosure, Denial-of-Service and Elevation of Privilege (STRIDE). TIRCPS introduces three benefits for developing complex systems: first, it allows the refinement of abstract threats into specific ones as physical design information becomes available; second, the approach provides support for constructing attack trees with traceability from high-level goals and hazardous events to threats; third, TIRCPS formalizes the definition of threats such that intelligent tools can be built to automatically detect most of a system's vulnerable components requiring protection. We present a case study on an automated-driving system to illustrate the proposed approach. The analysis results of a hierarchical attack tree, with cyber threats traceable to high-level hazardous events, are used to design mitigation solutions. | en_US |
| dc.language.iso | en_US | |
| dc.publisher | Institution of Electrical Engineers (IEE) | en_US |
| dc.relation.isversionof | http://dx.doi.org/10.1049/iet-its.2018.5323 | en_US |
| dc.rights | Creative Commons Attribution-Noncommercial-Share Alike | en_US |
| dc.rights.uri | http://creativecommons.org/licenses/by-nc-sa/4.0/ | en_US |
| dc.source | Subirana, Brian | en_US |
| dc.title | Merging safety and cybersecurity analysis in product design | en_US |
| dc.type | Article | en_US |
| dc.identifier.citation | Suo, Dajiang, et al. “Merging Safety and Cybersecurity Analysis in Product Design.” IET Intelligent Transport Systems, vol. 12, no. 9, Nov. 2018, pp. 1103–09. | en_US |
| dc.contributor.department | Massachusetts Institute of Technology. Department of Mechanical Engineering | en_US |
| dc.contributor.approver | Sanjay E. Sarma | en_US |
| dc.contributor.mitauthor | Suo, Dajiang | |
| dc.contributor.mitauthor | Siegel, Joshua E | |
| dc.contributor.mitauthor | Sarma, Sanjay E | |
| dc.relation.journal | IET Intelligent Transport Systems | en_US |
| dc.eprint.version | Author's final manuscript | en_US |
| dc.type.uri | http://purl.org/eprint/type/JournalArticle | en_US |
| eprint.status | http://purl.org/eprint/status/PeerReviewed | en_US |
| dspace.orderedauthors | Suo, Dajiang; Siegel, Joshua E.; Sarma, Sanjay E. | en_US |
| dspace.embargo.terms | N | en_US |
| dc.identifier.orcid | https://orcid.org/0000-0003-3748-6115 | |
| dc.identifier.orcid | https://orcid.org/0000-0002-5540-7401 | |
| dc.identifier.orcid | https://orcid.org/0000-0003-2812-039X | |
| mit.license | OPEN_ACCESS_POLICY | en_US |