{"title":"用约束规划语义在障碍模型上映射攻击-故障树形式化安全和安全需求","authors":"C. Ponsard, J. Deprez, Robert Darimont","doi":"10.1109/FORMREQ51202.2020.00009","DOIUrl":null,"url":null,"abstract":"Requirements Engineering (RE) covers not only the capture and structuring of various properties the system should achieve but also the identification of high-level choices on how to achieve such goals or to avoid related obstacles. Generic RE frameworks support simple formalisation of alternatives using AND/OR refinements while more specialised fields such as safety and security engineering have richer analysis capabilities respectively through fault and attack trees. In this paper, we review the various constructs proposed in those domains and state their semantics at RE level to support safety and security co-engineering. As a supplementary step, we propose a mapping on the semantics provided by Constraint Programming in order to search for optimal configurations in the design space of a RE model. We consider multiple objectives stated as non-functional requirements and formalised using quantified attributes over goal models. Our work is validated on the complex design of an oil pipe system mixing safety and security critical properties.","PeriodicalId":251481,"journal":{"name":"2020 IEEE Workshop on Formal Requirements (FORMREQ)","volume":"8 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Formalizing Security and Safety Requirements by Mapping Attack-Fault Trees on Obstacle Models with Constraint Programming Semantics\",\"authors\":\"C. Ponsard, J. Deprez, Robert Darimont\",\"doi\":\"10.1109/FORMREQ51202.2020.00009\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Requirements Engineering (RE) covers not only the capture and structuring of various properties the system should achieve but also the identification of high-level choices on how to achieve such goals or to avoid related obstacles. Generic RE frameworks support simple formalisation of alternatives using AND/OR refinements while more specialised fields such as safety and security engineering have richer analysis capabilities respectively through fault and attack trees. In this paper, we review the various constructs proposed in those domains and state their semantics at RE level to support safety and security co-engineering. As a supplementary step, we propose a mapping on the semantics provided by Constraint Programming in order to search for optimal configurations in the design space of a RE model. We consider multiple objectives stated as non-functional requirements and formalised using quantified attributes over goal models. Our work is validated on the complex design of an oil pipe system mixing safety and security critical properties.\",\"PeriodicalId\":251481,\"journal\":{\"name\":\"2020 IEEE Workshop on Formal Requirements (FORMREQ)\",\"volume\":\"8 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-08-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2020 IEEE Workshop on Formal Requirements (FORMREQ)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/FORMREQ51202.2020.00009\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE Workshop on Formal Requirements (FORMREQ)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/FORMREQ51202.2020.00009","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Formalizing Security and Safety Requirements by Mapping Attack-Fault Trees on Obstacle Models with Constraint Programming Semantics
Requirements Engineering (RE) covers not only the capture and structuring of various properties the system should achieve but also the identification of high-level choices on how to achieve such goals or to avoid related obstacles. Generic RE frameworks support simple formalisation of alternatives using AND/OR refinements while more specialised fields such as safety and security engineering have richer analysis capabilities respectively through fault and attack trees. In this paper, we review the various constructs proposed in those domains and state their semantics at RE level to support safety and security co-engineering. As a supplementary step, we propose a mapping on the semantics provided by Constraint Programming in order to search for optimal configurations in the design space of a RE model. We consider multiple objectives stated as non-functional requirements and formalised using quantified attributes over goal models. Our work is validated on the complex design of an oil pipe system mixing safety and security critical properties.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
