模型驱动的安全和安保共同分析：系统文献综述

IF 3.7 2区计算机科学 Q1 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Journal of Systems and Software Pub Date : 2024-10-18 DOI:10.1016/j.jss.2024.112251

Victor Luiz Grechi , André Luiz de Oliveira , Rosana T. Vaccare Braga

{"title":"模型驱动的安全和安保共同分析：系统文献综述","authors":"Victor Luiz Grechi , André Luiz de Oliveira , Rosana T. Vaccare Braga","doi":"10.1016/j.jss.2024.112251","DOIUrl":null,"url":null,"abstract":"<div><div>Failures in systems that can lead to loss of life, property, and environmental damage, make them safety–critical systems requiring the analysis and demonstration of dependability properties. When those systems can connect/disconnect to each other, it raises security issues, making them also security-critical. Safety and security are crucial in safety- and security-critical design. The complexity of a connected world impacts safety and security, requiring dependability assurance processes in compliance with standards like ISO 26262, ISO 21434, IEC 61511, and IEC 61508. Model-Driven Engineering (MDE) plays a significant role by using models to represent and analyze safety and security properties, facilitating their integration. This study aims to explore the role of MDE in supporting safety and security co-engineering through a Systematic Literature Review. We identified 119 studies that were analyzed and categorized based on the life-cycle phase, risk assessment activity, application domain, methodology type (integrated or unified), methodology goal (co-engineering or cross-fertilization), measurement (qualitative, quantitative, or both), modeling approach, representation, evaluation method, and supporting tools. Though model-driven contributions are less prevalent than model-based ones, tools widely support them. Studies primarily focus on transportation (especially automotive) and industrial domains, but there is potential for broader participation with increasing IoT adoption.</div><div><em>Editor’s note: Open Science material was validated by the Journal of Systems and Software Open Science Board</em>.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"220 ","pages":"Article 112251"},"PeriodicalIF":3.7000,"publicationDate":"2024-10-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Model-driven safety and security co-analysis: A systematic literature review\",\"authors\":\"Victor Luiz Grechi , André Luiz de Oliveira , Rosana T. Vaccare Braga\",\"doi\":\"10.1016/j.jss.2024.112251\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Failures in systems that can lead to loss of life, property, and environmental damage, make them safety–critical systems requiring the analysis and demonstration of dependability properties. When those systems can connect/disconnect to each other, it raises security issues, making them also security-critical. Safety and security are crucial in safety- and security-critical design. The complexity of a connected world impacts safety and security, requiring dependability assurance processes in compliance with standards like ISO 26262, ISO 21434, IEC 61511, and IEC 61508. Model-Driven Engineering (MDE) plays a significant role by using models to represent and analyze safety and security properties, facilitating their integration. This study aims to explore the role of MDE in supporting safety and security co-engineering through a Systematic Literature Review. We identified 119 studies that were analyzed and categorized based on the life-cycle phase, risk assessment activity, application domain, methodology type (integrated or unified), methodology goal (co-engineering or cross-fertilization), measurement (qualitative, quantitative, or both), modeling approach, representation, evaluation method, and supporting tools. Though model-driven contributions are less prevalent than model-based ones, tools widely support them. Studies primarily focus on transportation (especially automotive) and industrial domains, but there is potential for broader participation with increasing IoT adoption.</div><div><em>Editor’s note: Open Science material was validated by the Journal of Systems and Software Open Science Board</em>.</div></div>\",\"PeriodicalId\":51099,\"journal\":{\"name\":\"Journal of Systems and Software\",\"volume\":\"220 \",\"pages\":\"Article 112251\"},\"PeriodicalIF\":3.7000,\"publicationDate\":\"2024-10-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Systems and Software\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0164121224002954\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, SOFTWARE ENGINEERING\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Systems and Software","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0164121224002954","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}

引用次数: 0

摘要

系统故障可能导致生命、财产损失和环境破坏，因此是安全关键型系统，需要对其可靠性进行分析和论证。当这些系统可以相互连接/断开时，就会产生安全问题，使它们也成为安全关键型系统。安全和保安在安全和保安关键型设计中至关重要。互联世界的复杂性影响着安全性和保障性，需要符合 ISO 26262、ISO 21434、IEC 61511 和 IEC 61508 等标准的可靠性保证流程。模型驱动工程（MDE）通过使用模型来表示和分析安全与安保属性，促进了它们之间的整合，从而发挥了重要作用。本研究旨在通过系统文献综述，探讨 MDE 在支持安全和保安协同工程中的作用。我们确定了 119 项研究，并根据生命周期阶段、风险评估活动、应用领域、方法类型（集成或统一）、方法目标（协同工程或交叉融合）、衡量标准（定性、定量或两者兼有）、建模方法、表示方法、评估方法和支持工具对这些研究进行了分析和分类。尽管模型驱动的贡献不如基于模型的贡献普遍，但工具却广泛支持模型驱动的贡献。研究主要集中在交通（尤其是汽车）和工业领域，但随着物联网应用的不断增加，有可能出现更广泛的参与。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Model-driven safety and security co-analysis: A systematic literature review

Failures in systems that can lead to loss of life, property, and environmental damage, make them safety–critical systems requiring the analysis and demonstration of dependability properties. When those systems can connect/disconnect to each other, it raises security issues, making them also security-critical. Safety and security are crucial in safety- and security-critical design. The complexity of a connected world impacts safety and security, requiring dependability assurance processes in compliance with standards like ISO 26262, ISO 21434, IEC 61511, and IEC 61508. Model-Driven Engineering (MDE) plays a significant role by using models to represent and analyze safety and security properties, facilitating their integration. This study aims to explore the role of MDE in supporting safety and security co-engineering through a Systematic Literature Review. We identified 119 studies that were analyzed and categorized based on the life-cycle phase, risk assessment activity, application domain, methodology type (integrated or unified), methodology goal (co-engineering or cross-fertilization), measurement (qualitative, quantitative, or both), modeling approach, representation, evaluation method, and supporting tools. Though model-driven contributions are less prevalent than model-based ones, tools widely support them. Studies primarily focus on transportation (especially automotive) and industrial domains, but there is potential for broader participation with increasing IoT adoption.

Editor’s note: Open Science material was validated by the Journal of Systems and Software Open Science Board.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Journal of Systems and Software 工程技术-计算机：理论方法

CiteScore

8.60

自引率

5.70%

发文量

193

审稿时长

16 weeks

期刊介绍： The Journal of Systems and Software publishes papers covering all aspects of software engineering and related hardware-software-systems issues. All articles should include a validation of the idea presented, e.g. through case studies, experiments, or systematic comparisons with other approaches already in practice. Topics of interest include, but are not limited to: •Methods and tools for, and empirical studies on, software requirements, design, architecture, verification and validation, maintenance and evolution •Agile, model-driven, service-oriented, open source and global software development •Approaches for mobile, multiprocessing, real-time, distributed, cloud-based, dependable and virtualized systems •Human factors and management concerns of software development •Data management and big data issues of software systems •Metrics and evaluation, data mining of software development resources •Business and economic aspects of software development processes The journal welcomes state-of-the-art surveys and reports of practical experience for all of these topics.