Title: Integrating security in hazard analysis using STPA-Sec and GSPN: A case study of automatic emergency braking system
Authors: Yufeng Li, Chengjian Huang, Qi Liu, Xiangyu Zheng, Ke Sun
Journal: Computers & Security, volume 142, Article 103890 (JCR Q1, Computer Science, Information Systems)
DOI: 10.1016/j.cose.2024.103890
Publication date: 2024-05-06 (journal article)
URL: https://www.sciencedirect.com/science/article/pii/S0167404824001925
Open access: no
Citation count: 0
Abstract
Hazard analysis is a vital step in developing intelligent connected vehicles, aiming to eliminate or control hazards in the initial stages of system development and to provide theoretical support for the system’s safety design. However, conventional hazard analysis methods, such as Fault Tree Analysis and Failure Mode and Effects Analysis, suffer from two shortcomings: they do not account for the impact of cybersecurity factors on system safety and do not provide sufficient quantification of hazard scenarios. To this end, we propose a quantifiable hazard analysis method with security consideration, which integrates System Theoretic Process Analysis for Security (STPA-Sec) and Generalized Stochastic Petri Net (GSPN), supporting the extraction, modeling, and quantification of hazards. Specifically, we employ STPA-Sec for qualitative analysis to identify causal scenarios, safety requirements, security requirements, and the corresponding mitigations. Then, based on the identified causal scenarios, a GSPN model is established to quantify system-level hazards. A case study on a real open-source test vehicle demonstrates that the proposed method not only offers a comprehensive analysis of hazards but also provides a quantitative assessment. Comparative assessments suggest that the proposed method exhibits an advantage in terms of analysis processes (integrating security) and results (quantification).
Journal description:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading-edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors: industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise, it is your first step to fully secure systems.