Formalizing Security and Safety Requirements by Mapping Attack-Fault Trees on Obstacle Models with Constraint Programming Semantics

C. Ponsard, J. Deprez, Robert Darimont
Published in: 2020 IEEE Workshop on Formal Requirements (FORMREQ), August 2020
DOI: 10.1109/FORMREQ51202.2020.00009 (https://doi.org/10.1109/FORMREQ51202.2020.00009)
Citations: 1

Abstract

Requirements Engineering (RE) covers not only the capture and structuring of various properties the system should achieve but also the identification of high-level choices on how to achieve such goals or to avoid related obstacles. Generic RE frameworks support simple formalisation of alternatives using AND/OR refinements, while more specialised fields such as safety and security engineering have richer analysis capabilities through fault trees and attack trees respectively. In this paper, we review the various constructs proposed in those domains and state their semantics at RE level to support safety and security co-engineering. As a supplementary step, we propose a mapping onto the semantics provided by Constraint Programming in order to search for optimal configurations in the design space of an RE model. We consider multiple objectives stated as non-functional requirements and formalised using quantified attributes over goal models. Our work is validated on the complex design of an oil pipe system mixing safety- and security-critical properties.
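The abstract describes the core idea at a high level: an attack tree and a fault tree are both AND/OR refinements of an obstacle, and once the leaves, the countermeasures that neutralise them, and the quantified attributes are stated as constraints, a solver can search the design space for configurations that are optimal under several non-functional objectives. The following is an added illustration of that mapping and is not the authors' model, encoding, or tool. The pipeline-flavoured tree shapes, the leaf names, the six countermeasures and their cost and downtime figures are all invented for the example, and an exhaustive enumeration over countermeasure selections stands in for the Constraint Programming solver the paper would use; on a model of realistic size the same constraints would be handed to a CP solver rather than enumerated.

```python
"""Toy mapping of an attack tree and a fault tree onto AND/OR obstacle
refinements, followed by a search over countermeasure selections.

Illustrative example only: tree shapes, leaf names, countermeasures and
attribute values are constructed for this demo and are not taken from the
paper.  Exhaustive enumeration plays the role a CP solver would play."""
from itertools import combinations

# A node is either a leaf name (str) or a tuple (op, children) with op in
# {"and", "or"}.  An obstacle is "achievable" if its tree evaluates to True.

# Security obstacle (attack tree, constructed): the attacker reaches the root
# by spoofing the pressure sensor after network access, or by opening the
# manual valve after physical access.
ATTACK = ("or", [
    ("and", ["net_access", "spoof_pressure_sensor"]),
    ("and", ["physical_access", "open_manual_valve"]),
])

# Safety obstacle (fault tree, constructed): a rupture needs over-pressure
# together with a stuck relief valve, or an undetected corrosion leak.
FAULT = ("or", [
    ("and", ["over_pressure", "relief_valve_stuck"]),
    "corrosion_leak",
])

# Countermeasures (constructed): leaves they neutralise, plus two quantified
# attributes used as objectives: cost (k$) and operational downtime (hours).
COUNTERMEASURES = {
    "network_segmentation": ({"net_access"}, 40, 2),
    "signed_sensor_readings": ({"spoof_pressure_sensor"}, 25, 4),
    "fence_and_cctv": ({"physical_access"}, 60, 0),
    "valve_interlock": ({"open_manual_valve", "over_pressure"}, 35, 8),
    "redundant_relief_valve": ({"relief_valve_stuck"}, 20, 6),
    "inline_inspection": ({"corrosion_leak"}, 30, 12),
}


def evaluate(node, blocked):
    """AND/OR refinement semantics: True if the obstacle at `node` is still
    achievable once the leaves in `blocked` have been neutralised."""
    if isinstance(node, str):
        return node not in blocked
    op, children = node
    results = [evaluate(child, blocked) for child in children]
    return all(results) if op == "and" else any(results)


def blocked_leaves(selection):
    """Union of the leaves neutralised by the selected countermeasures."""
    blocked = set()
    for name in selection:
        blocked |= COUNTERMEASURES[name][0]
    return blocked


def attributes(selection):
    """Quantified attributes of a configuration: (total cost, total downtime)."""
    cost = sum(COUNTERMEASURES[name][1] for name in selection)
    downtime = sum(COUNTERMEASURES[name][2] for name in selection)
    return cost, downtime


def feasible(selection, obstacles=(ATTACK, FAULT)):
    """Hard constraint: every obstacle (security and safety) must be blocked."""
    blocked = blocked_leaves(selection)
    return not any(evaluate(obstacle, blocked) for obstacle in obstacles)


def pareto_front(obstacles=(ATTACK, FAULT)):
    """Enumerate all countermeasure subsets (the solver's job in a real model),
    keep the feasible ones and return those not dominated on (cost, downtime)."""
    names = sorted(COUNTERMEASURES)
    candidates = []
    for size in range(len(names) + 1):
        for selection in combinations(names, size):
            if feasible(selection, obstacles):
                candidates.append((attributes(selection), selection))
    front = []
    for attrs, selection in candidates:
        dominated = any(
            other[0] <= attrs[0] and other[1] <= attrs[1] and other != attrs
            for other, _ in candidates
        )
        if not dominated:
            front.append((attrs, selection))
    return sorted(front)


if __name__ == "__main__":
    for (cost, downtime), selection in pareto_front():
        print(f"cost={cost:>4} k$  downtime={downtime:>3} h  {', '.join(selection)}")
```

Two points the enumeration makes visible: a leaf such as `corrosion_leak` that sits directly under an OR turns its countermeasure into a mandatory part of every feasible configuration, and a countermeasure that neutralises leaves in both trees (`valve_interlock` here) is where the safety/security co-engineering trade-off actually appears, because the cheapest configuration and the lowest-downtime configuration differ on whether to rely on it.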