Kenji Taguchi@AIST
3rd International Workshop on Assurance Cases for Software-intensive Systems
(ASSURE) 2015
Safe & Sec Case Patterns
2015 September 22
National Institute of Advanced Industrial Science and Technology
Information Technology Research Institute
Software Analytics Research Group
Kenji Taguchi, Daisuke Souma, Hideaki Nishihara
General Background
• Many industrial sectors which manufacture safety-intensive systems, e.g., automotive, railway, etc., now face technical challenges in how to integrate and harmonize security with safety for their systems.
• After the Stuxnet incident, any safety-critical system, even one not linked to any network, is under imminent threat from security vulnerabilities.
• Can we treat safety and security separately? Are there any interactions between safety and security? The answer is YES, and we need to tackle the issue of how to integrate them.
• From the safety point of view, security is of great importance. Since some (safety-related) hazardous events (such as a car crash, derailing, etc.) could be caused by hardware/software failures and/or malicious attacks, we need to identify and analyze potential hazards/threats, their combinations and their associated risks in a systematic way, and build a new assurance framework for safety and security.
Background: Security in the Automotive Industry
• The automotive industry has been experiencing sudden changes in security demands.
– Markey report 2014
– Class action against Ford, GM and Toyota 2015
– Recall of Chrysler Jeep Cherokee 2015
– Spy Car Act bill 2015
Background: Security and Safety Standards
• Many industrial sectors are standardizing safety and security standards.
• There are several critical issues in those standardization efforts:
– In most cases, harmonization of the two standards is neither well considered nor well understood.
– Major stakeholders are becoming aware that many critical issues are involved in how to harmonize both standards.
(Diagram: pairs of safety and security standards per sector: ARP 4754A (safety) and DO-326A (security) in aviation; ISO 26262 (safety) and ? (security) in automotive; IEC 62278 (RAMS) and IEC 62280 (security) in railway.)
Background: Integrating Standards for the Automotive Case
(Diagram: two options for pairing ISO 26262 (safety) with security; there are several possibilities at what level this integration could be achieved.)
Option 1: ISO 26262 (safety) alongside a separate security standard (candidates: IEC 62443, ISO/IEC 15408, the J3061 Cybersecurity Guidebook (SAE), VDA (German Association of the Automotive Industry))
• A harmonized style is required.
• Dual certification would be a challenge.
Or (otherwise): ISO 26262 (safety) incorporating security features
• Interference analysis could not be sufficient.
• Certification cost would be more than doubled.
Background: SafSec Methodology and the Automotive Case
(Diagram: SafSec combines Def-Stan 00-56 (safety) + ISO/IEC 15408 (security) into an assurance framework based on a dependability case. By analogy, ISO 26262 (safety) + the J3061 Cybersecurity Guidebook (SAE) (security) would yield a safety case + a cybersecurity case, and possibly a future SafSec standard/guideline.)
• Do we need a new assurance framework based on safety and security cases?
Aims of Our Research
• Provide process patterns as guidance on the design of a system development process which integrates safety and security engineering processes.
– There is no well-accepted development process which includes both safety and security engineering, so we present some current practices/proposals as patterns.
– The process patterns are derived from an extensive survey of existing safety/security standards/guidelines and research, and from our experience with industrial partners in the railway (and automotive) industry.
– Limitations:
• Only the early stage of the system development lifecycle is dealt with.
• No evaluation has been done yet.
• Provide case patterns derived from the process patterns, which give insight into how a safety case and a security case could be constructed/integrated.
– Some assumptions:
• In the near future, many security standards will demand the submission of security cases.
– E.g., J-3061 "Cybersecurity guidebook for Cyber-physical automotive systems" by SAE mentions a cyber-security case.
• There would be a critical issue on how to integrate a safety case mandated by a safety standard and a security case mandated by a security standard.
Assumption: Process Level
• Only a part of the safety concept phase is dealt with in this paper.
– E.g., Part 3 of ISO 26262, the safety concept phase.
(Figure: the ISO 26262 lifecycle with the safety concept phase highlighted.)
Basic Process Pattern
• The basic process is a very generic process commonly found in functional safety standards.
• There are no interactions between the security and safety processes.
• Assumption:
– The security process may have an identical process (functional security view).
Subordinate Process Pattern
• Some of the activities related to security are subordinate to their counterparts in safety.
– Requirements:
• Needs methodological support, e.g., a safety analysis method which can also analyze security threats.
• This view appears to be predominant in the safety-critical systems community.
(Figure: a tree, not reproduced here, represents methodological support for the subordinate approach, which integrates Fault Tree (FT) analysis with Attack Tree (AT) analysis.)
Steiner, M., Liggesmeyer, P.: Combination of Safety and Security Analysis - Finding Security Problems That Threaten The Safety of a System.
Uni-Directional Reference Process Pattern
• The security and safety processes are separated, but the security part refers to some results of the safety part.
• This process pattern can be witnessed in the airworthiness security standard DO-326A.
• This process pattern is also safety-predominant, since information flows from safety to security.
– Remark:
• A Bi-directional Reference Process Pattern would be possible, but it would be the most complex and the least cost-effective process.
Interrelated (Independent) Process Pattern
• The security and safety processes run independently, but a trade-off analysis of risk reduction measures (safety requirements) and mitigation methods (security requirements) should be carried out.
– This is witnessed in the FP7 SESAMO project.
• The aim of the analysis is to identify potential feature interactions between functional safety requirements and security requirements.
– For instance, the timing constraints of a functional safety requirement may be interfered with by a time-consuming encryption mechanism required by a security requirement.
SafSec Process Pattern
• This process pattern is derived from the SafSec standard/guidelines by the UK MOD and Praxis.
• The aim of this standard/guideline is to certify military equipment under both Def-Stan 00-56 (software safety) and the Common Criteria (security).
• It converges hazards and threats into losses; this is carried out at the Loss Op meeting, where security experts and safety experts get together to merge hazards and threats.
Process Patterns (Remaining Issues)
• Evaluation of each process pattern is ongoing work.
– This classification shows that there are several options for how to integrate safety and security engineering processes.
– Some evaluation criteria should be established.
• There are some other issues which do not explicitly appear in these patterns.
– Integration of safety analysis and security analysis.
– Integration of safety and security assessments.
• How can we uniformly assess safety risks and security risks even when they are based on different matrices (integrity levels)?
– Analysis of feature interactions between safety and security.
• For instance, could we effectively perform the trade-off analysis at this early stage?
• At this stage, safety and security requirements are still abstract, and the feature interactions between them might not be clearly identifiable yet.
Safe & Sec Case Patterns
• *-cases are required for more than one system attribute.
– Existing *-cases:
• Safety case
• Reliability and maintainability case
• Dependability case
• (Cyber) security case
• If more than one case is required, how to integrate them is of great importance to practitioners.
• We will show how cases, called Safe & Sec Case Patterns, could be provided which reflect the process patterns presented on the previous slides.
– These patterns are represented at an abstract level.
• The Safe & Sec Case Patterns are represented in GSN (Goal Structuring Notation).
GSN (Goal Structuring Notation)
• A graphical notation for representing an argument (T. Kelly)
– GSN Community Standard Ver. 1.0
• Defines the full specification of GSN
• Goal
– A goal which the system should ensure
– A goal is further decomposed into sub-goals
• Context
– Any material (e.g., documents) under which the argument holds
• Strategy
– Indicates how a goal is decomposed
• Solution
– Evidence which supports the argument
(Figure: example GSN fragment with Goal, Context, Strategy and Solution nodes.)
Subordinate Case Pattern
• This pattern is derived from the subordinate process pattern.
(Figure: GSN fragment; the context node reads "Safety analysis includes threat analysis" and the goal node reads "All threats which may cause hazards are identified.")
Interrelated (Independent) Case Pattern
(Figure: GSN fragment for this pattern; the annotation reads "Trade-off analysis is carried out here.")
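As an added example that is not part of the slides, the Python below encodes the four GSN element types and the two case patterns as data and then checks that every goal is developed down to evidence; the texts of C1 and G2 are taken from the Subordinate Case Pattern slide, while every other node text, the element ids and the model itself are my own construction.

```python
from dataclasses import dataclass, field
from typing import List, Union


@dataclass
class Solution:  # GSN Solution: evidence which supports the argument
    id: str
    text: str


@dataclass
class Context:  # GSN Context: material (e.g. documents) under which the argument holds
    id: str
    text: str


@dataclass
class Strategy:  # GSN Strategy: indicates how a goal is decomposed
    id: str
    text: str
    subgoals: List["Goal"] = field(default_factory=list)


@dataclass
class Goal:  # GSN Goal: a claim the system should ensure
    id: str
    text: str
    contexts: List[Context] = field(default_factory=list)
    support: List[Union[Strategy, Solution]] = field(default_factory=list)


def undeveloped_goals(goal: Goal) -> List[str]:
    """Return ids of goals with no path to evidence, in depth-first order.
    A goal is developed when a Solution backs it or a Strategy under it has sub-goals."""
    found: List[str] = []
    strategies = [s for s in goal.support if isinstance(s, Strategy)]
    backed = any(isinstance(s, Solution) for s in goal.support)
    if not backed and not any(st.subgoals for st in strategies):
        found.append(goal.id)
    for st in strategies:
        for sub in st.subgoals:
            found.extend(undeveloped_goals(sub))
    return found


def outline(goal: Goal, depth: int = 0) -> str:
    """Render the argument as an indented text outline, one GSN element per line."""
    pad = "  " * depth
    lines = [f"{pad}{goal.id} Goal: {goal.text}"]
    lines += [f"{pad}  {c.id} Context: {c.text}" for c in goal.contexts]
    for s in goal.support:
        if isinstance(s, Solution):
            lines.append(f"{pad}  {s.id} Solution: {s.text}")
        else:
            lines.append(f"{pad}  {s.id} Strategy: {s.text}")
            lines += [outline(g, depth + 2) for g in s.subgoals]
    return "\n".join(lines)


def subordinate_case() -> Goal:
    """Subordinate Case Pattern: threat analysis is folded into the safety analysis.
    C1 and G2 use the slide's wording; G1, S1 and Sn1 are constructed for this example."""
    return Goal(
        "G1", "The system is acceptably safe in the presence of malicious attacks",
        contexts=[Context("C1", "Safety analysis includes threat analysis")],
        support=[Strategy(
            "S1", "Argue over the hazards identified by the safety analysis",
            subgoals=[Goal(
                "G2", "All threats which may cause hazards are identified",
                support=[Solution("Sn1", "Combined fault tree / attack tree analysis report")],
            )],
        )],
    )


def interrelated_case() -> Goal:
    """Interrelated (Independent) Case Pattern: separate safety and security branches
    plus a trade-off analysis strategy. All node wording is constructed; G5 is left
    undeveloped on purpose to model the early stage where requirements are still abstract."""
    safety = Goal("G3", "Functional safety requirements mitigate all identified hazards",
                  support=[Solution("Sn2", "Hazard analysis and safety requirements specification")])
    security = Goal("G4", "Security requirements mitigate all identified threats",
                    support=[Solution("Sn3", "Threat analysis and security requirements specification")])
    tradeoff = Goal("G5", "Timing constraints of safety requirements are not violated "
                          "by time-consuming encryption demanded by security requirements")
    return Goal(
        "G0", "The system is acceptably safe and secure",
        support=[
            Strategy("S2", "Argue safety and security independently", subgoals=[safety, security]),
            Strategy("S3", "Trade-off analysis on risk reduction measures and mitigation methods",
                     subgoals=[tradeoff]),
        ],
    )


if __name__ == "__main__":
    for case in (subordinate_case(), interrelated_case()):
        print(outline(case))
        print("undeveloped goals:", undeveloped_goals(case) or "none", "\n")
```

Running the module prints both arguments as outlines and reports G5 as the one goal still lacking evidence, which is the gap the trade-off analysis has to close before the interrelated case can be accepted.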
Related Work
• Many works on safety cases
– No need to mention.
• A few works on security cases
– Alexander, R., Hawkins, R., Kelly, T.: Security assurance cases: Motivation and the state of the art.
– Goodenough, J., Lipson, H.F., Weinstock, C.B.: Arguing security - creating security assurance cases.
• Interactions between safety case and security case
– Bloomfield, R.E., Netkachova, K., Stroud, R.J.: Security-informed safety: If it's not secure, it's not safe.
• Build a safety case first and analyze the impact on that safety case from security.
Our approach does not provide any means to analyze feature interactions between safety and security; it only provides possible combinations in process and case patterns.
Conclusion
• Our contributions are twofold:
– Process patterns are provided which show how safety and security processes could be integrated, based on a survey of existing standards and research.
– Case patterns are then derived from those process patterns.
– These patterns would help practitioners working on safety-critical systems to develop their own safety/security engineering processes and to see what critical issues they should address.
• Future work
– In railway standards, it is not yet certain how a safety case (EN 50126/IEC 62278) could include security features. Our case patterns show a baseline to fill this gap.
– Currently we are planning to incorporate security features into the CAA (the Civil Aviation Authority)'s safety case in a subordinate approach.
• IN-2014/184: Small Unmanned Aircraft: Congested Areas Operating Safety Case (CAOSC).
 
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - HiikeSystem Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
Trusted Execution Environment for Decentralized Process Mining
Trusted Execution Environment for Decentralized Process MiningTrusted Execution Environment for Decentralized Process Mining
Trusted Execution Environment for Decentralized Process Mining
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
 
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 

Safe & Sec Case Patterns (ASSURE 2015)

1. Safe & Sec Case Patterns
Kenji Taguchi@AIST
3rd International Workshop on Assurance Cases for Software-intensive Systems (ASSURE) 2015, 2015 September 22
National Institute of Advanced Industrial Science and Technology, Information Technology Research Institute, Software Analytics Research Group
Kenji Taguchi, Daisuke Souma, Hideaki Nishihara

2. General Background
• Many industrial sectors that manufacture safety-intensive systems (e.g., automotive, railway) now face the technical challenge of integrating and harmonizing security with safety in their systems.
• After the Stuxnet incident, any safety-critical system, even one not linked to any network, is under imminent threat from security vulnerabilities.
• Can we treat safety and security separately? Are there interactions between safety and security? The answer is YES, and we need to tackle the question of how to integrate them.
• From the safety point of view, security is of great importance. Since some (safety-related) hazardous events (car crash, derailing, etc.) could be caused by hardware/software failures and/or malicious attacks, we need to identify and analyze potential hazards and threats, their combinations and their associated risks in a systematic way, and build a new assurance framework for safety and security.

3. Background: Security in the Automotive Industry
• The automotive industry has been experiencing sudden changes in security demands.
  – Markey report 2014
  – Class action against Ford, GM and Toyota 2015
  – Recall of Chrysler Jeep Cherokee 2015
  – Spy Car Act bill 2015

4. Background: Security and Safety Standards
• Many industrial sectors are standardizing safety and security standards.
• There are several critical issues in those standardizations:
  – In most cases, harmonization of the two kinds of standard is neither well considered nor well understood.
  – Major stakeholders are becoming aware that there are many critical issues involved in how to harmonize both standards.
• Safety / security standard pairs shown on the slide:
  – Avionics: ARP 4754A (safety) and DO-326A (security)
  – Automotive: ISO 26262 (safety) and ? (no security counterpart yet)
  – Railway: IEC 62278 (RAMS) and IEC 62280 (security)

5. Background: Integrating Standards for the Automotive Case
• ISO 26262 covers safety; candidates for its security counterpart ("?") are IEC 62443, ISO/IEC 15408, the SAE J3061 Cybersecurity Guidebook, and the VDA (German Association of the Automotive Industry) guideline.
• Option 1: a separate security standard alongside ISO 26262.
  – A harmonized style is required.
  – Dual certification would be a challenge.
• Option 2 (otherwise): ISO 26262 itself incorporates security features.
  – Interference analysis might not be sufficient.
  – Certification cost would be more than doubled.
• There are several possibilities as to the level at which this integration could be achieved.

6. Background: SafSec Methodology and the Automotive Case
• SafSec: Def-Stan 00-56 (safety) + ISO/IEC 15408 (security) → an assurance framework based on a Dependability Case.
• Automotive: ISO 26262 (safety) + SAE J3061 Cybersecurity Guidebook (security) → a Safety Case + a Cybersecurity Case → a possible future SafSec-style standard/guideline?
• Do we need a new assurance framework based on safety and security cases?

7. Aims of Our Research
• Provide process patterns as guidance on the design of a system development process that integrates safety and security engineering processes.
  – There is no well-accepted development process that includes both safety and security engineering, so we present some current practices/proposals as patterns.
  – The process patterns are derived from an extensive survey of existing safety/security standards/guidelines and research, and from our experience with industrial partners in the railway (and automotive) industry.
  – Limitations:
    • Only the early stage of the system development lifecycle is dealt with.
    • No evaluation has been done yet.
• Provide case patterns derived from the process patterns, which give insight into how a safety case and a security case could be constructed/integrated.
  – Assumptions:
    • In the near future, many security standards will demand the submission of security cases.
      – E.g., SAE J3061 "Cybersecurity Guidebook for Cyber-Physical Vehicle Systems" mentions a cybersecurity case.
    • There will be a critical issue of how to integrate a safety case mandated by a safety standard with a security case mandated by a security standard.

8. Assumption: Process Level
• Only a part of the safety concept phase is dealt with in this paper.
  – E.g., Part 3 of ISO 26262, the (safety) concept phase.

9. Basic Process Pattern
• The basic process is a very generic process commonly found in functional safety standards.
• There are no interactions between the security and safety processes.
• Assumption:
  – The security process may have an identical structure (functional security view).

10. Subordinate Process Pattern
• Some activities related to security are subordinate to their counterparts in safety.
  – Requirement:
    • Methodological support is needed, e.g., a safety analysis method that can also analyze security threats.
  – This view appears to be predominant in the safety-critical systems community.
• The tree shown on the slide represents one such methodological support for the subordinate approach, which integrates Fault Tree (FT) analysis with Attack Tree (AT) analysis: Steiner, M., Liggesmeyer, P.: Combination of Safety and Security Analysis - Finding Security Problems That Threaten The Safety of a System.
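Slide 10 names one methodological support for the subordinate approach: integrating fault-tree analysis with attack-tree analysis so that a single safety analysis also covers threats. The Python script below is an added example written for this page; it is not code from the slides or from the Steiner and Liggesmeyer paper. It grafts attack-tree subtrees under a hazard's fault tree by treating attacker actions as basic events tagged "attack", computes the minimal cut sets of the combined tree, and classifies each cut set as failure-only, attack-only or mixed, which is what a subordinate safety process needs in order to pull threat mitigations into its safety requirements. The hazard tree, gate names and event names are constructed for illustration.

```python
"""Combined fault-tree / attack-tree analysis (added example, not from the slides)."""
from dataclasses import dataclass
from itertools import product
from typing import Dict, FrozenSet, List, Set, Tuple, Union


@dataclass(frozen=True)
class Leaf:
    """Basic event: a fault-tree failure ("failure") or an attack-tree leaf ("attack")."""
    name: str
    kind: str


@dataclass
class Gate:
    """AND/OR gate; children are Leafs or further Gates (either FT or AT subtrees)."""
    name: str
    op: str
    children: List["Node"]


Node = Union[Leaf, Gate]
CutSet = FrozenSet[Leaf]


def minimise(sets: Set[CutSet]) -> Set[CutSet]:
    """Keep only minimal cut sets: drop any set that strictly contains another."""
    return {s for s in sets if not any(other < s for other in sets)}


def cut_sets(node: Node) -> Set[CutSet]:
    """Minimal cut sets of the (sub)tree rooted at `node`.

    OR gate: the union of the children's cut sets.
    AND gate: every combination of one cut set per child, merged into one set.
    """
    if isinstance(node, Leaf):
        return {frozenset([node])}
    child_sets = [cut_sets(c) for c in node.children]
    if node.op == "OR":
        combined: Set[CutSet] = set().union(*child_sets)
    elif node.op == "AND":
        combined = {frozenset().union(*combo) for combo in product(*child_sets)}
    else:
        raise ValueError(f"{node.name}: unknown gate {node.op!r}")
    return minimise(combined)


def classify(sets: Set[CutSet]) -> Dict[str, List[Tuple[str, ...]]]:
    """Split cut sets into failure-only, attack-only and mixed (failure + attack)."""
    out: Dict[str, List[Tuple[str, ...]]] = {"failure_only": [], "attack_only": [], "mixed": []}
    for s in sets:
        kinds = {leaf.kind for leaf in s}
        key = "mixed" if kinds == {"failure", "attack"} else f"{kinds.pop()}_only"
        out[key].append(tuple(sorted(leaf.name for leaf in s)))
    return {k: sorted(v) for k, v in out.items()}


# Constructed hazard tree; the top event is the hazard "unintended acceleration".
HAZARD = Gate("unintended acceleration", "OR", [
    # Classic fault-tree branch: random failures only.
    Gate("sensor path failure", "AND", [
        Leaf("pedal_sensor_stuck", "failure"),
        Leaf("plausibility_check_missed", "failure"),
    ]),
    # Attack-tree subtree grafted under the same hazard.
    Gate("spoofed torque request", "AND", [
        Leaf("gateway_filter_bypassed", "attack"),
        Leaf("forged_CAN_torque_frame", "attack"),
    ]),
    # Mixed branch: an attack that becomes hazardous only together with a failure.
    Gate("tampered firmware", "AND", [
        Leaf("reflash_auth_bypassed", "attack"),
        Leaf("torque_limiter_fault", "failure"),
    ]),
])


def analyse(root: Gate) -> Dict[str, List[Tuple[str, ...]]]:
    """Full pipeline: minimal cut sets of the hazard, classified by cause type."""
    return classify(cut_sets(root))


if __name__ == "__main__":
    for category, sets in analyse(HAZARD).items():
        print(f"{category}:")
        for s in sets:
            print("   ", " AND ".join(s))
```

An attack-only cut set means the hazard is reachable by an attacker without any random failure, so its likelihood cannot be taken from failure rates and the safety argument has to lean on the security mitigation instead; a mixed cut set is where a safety measure (here the torque limiter) is also doing duty as a security control, which is exactly the kind of dependency the subordinate pattern makes visible inside the safety process.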
11. Uni-Directional Reference Process Pattern
• The security and safety processes are separated, but the security part refers to some results of the safety part.
• This process pattern can be witnessed in the airworthiness security standard DO-326A.
• This process pattern is also safety-predominant, since information flows from safety to security.
  – Remark:
    • A Bi-Directional Reference Process Pattern would be possible, but it would be the most complex and least cost-effective process.

12. Interrelated (Independent) Process Pattern
• The security and safety processes run independently, but a trade-off analysis between risk reduction measures (safety requirements) and mitigation methods (security requirements) should be carried out.
  – This is witnessed in the FP7 SESAMO project.
• The aim of the analysis is to identify potential feature interactions between functional safety requirements and security requirements.
  – For instance, a timing constraint on a functional safety requirement may be interfered with by a time-consuming encryption mechanism demanded by a security requirement.

13. SafSec Process Pattern
• This process pattern is derived from the SafSec standard/guideline by the UK MOD and Praxis.
• The aim of that standard/guideline is to certify military equipment under both Def-Stan 00-56 (safety) and the Common Criteria (security).
• It converges hazards and threats into losses; this is carried out at the Loss Op meeting, where security experts and safety experts get together to merge hazards and threats.

14. Process Patterns (Remaining Issues)
• Evaluation of each process pattern is ongoing work.
  – This classification shows that there are several options for integrating safety and security engineering processes.
  – Evaluation criteria should be established.
• There are other issues that do not appear explicitly in these patterns.
  – Integration of safety analysis and security analysis.
  – Integration of safety and security assessments.
    • How can we uniformly assess safety risks and security risks when they are based on different risk matrices (integrity levels)?
  – Analysis of feature interactions between safety and security.
    • For instance, can we effectively perform the trade-off analysis at this early stage?
    • At this stage, safety and security requirements are still abstract, and feature interactions between them might not yet be clearly identifiable.

15. Safe & Sec Case Patterns
• *-cases are required for more than one system attribute.
  – Existing *-cases:
    • Safety case
    • Reliability and maintainability case
    • Dependability case
    • (Cyber) security case
• If more than one case is required, how to integrate them is of great importance to practitioners.
• We show how cases, called Safe & Sec Case Patterns, can be provided which reflect the process patterns presented on the previous slides.
  – These patterns are represented at an abstract level.
• The Safe & Sec Case Patterns are represented in GSN (Goal Structuring Notation).

16. GSN (Goal Structuring Notation)
• A graphical notation for representing an argument (T. Kelly).
  – GSN Community Standard Ver. 1.0 defines the full specification of GSN.
• Goal: a claim which the system should ensure; a goal is further decomposed into sub-goals.
• Context: any material (e.g., documents) under which the argument holds.
• Strategy: indicates how a goal is decomposed.
• Solution: evidence which supports the argument.

17. Subordinate Case Pattern
• This pattern is derived from the subordinate process pattern.
• (GSN diagram on the slide; its annotations read "Safety analysis includes threat analysis" and "All threats which may cause hazards are identified".)

18. Interrelated (Independent) Case Pattern
• (GSN diagram on the slide; its annotation reads "Trade-off analysis is carried out here".)
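Slides 16 to 18 present the case patterns as GSN diagrams, which the transcript only preserves as annotations. The script below is an added example, not code from the slides or the authors, that encodes the Subordinate Case Pattern as GSN data: a top safety goal, the context "Safety analysis includes threat analysis", one sub-goal per hazard, one mitigation goal per cause (failure or threat) found by that single threat-aware analysis, and the completeness goal "All threats which may cause hazards are identified". `Argument.check()` applies the structural rules of the GSN standard (Goals and Strategies are SupportedBy Goals, Strategies or Solutions; Context attaches only via InContextOf; Solutions and Contexts are leaves; a Goal or Strategy with no support must be marked undeveloped; no SupportedBy cycles), so an incomplete instantiation such as a hazard with no analysed causes is reported rather than silently accepted. The node ids (G1, S1, C1, G_cover, ...), node texts and the hazard data are constructed for illustration.

```python
"""Checkable GSN encoding of the Subordinate Safe & Sec case pattern (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

KINDS = {"goal", "strategy", "solution", "context"}


@dataclass
class Node:
    id: str
    kind: str
    text: str
    supported_by: List[str] = field(default_factory=list)   # GSN SupportedBy targets
    in_context_of: List[str] = field(default_factory=list)  # GSN InContextOf targets
    undeveloped: bool = False                               # GSN "undeveloped" marker


class Argument:
    """A GSN argument: element nodes plus their SupportedBy/InContextOf links."""

    def __init__(self) -> None:
        self.nodes: Dict[str, Node] = {}

    def add(self, node: Node) -> None:
        if node.kind not in KINDS or node.id in self.nodes:
            raise ValueError(f"bad kind or duplicate id for node {node.id}")
        self.nodes[node.id] = node

    def check(self) -> List[str]:
        """Structural rules of GSN; returns violations (empty list means well-formed)."""
        problems: List[str] = []
        for n in self.nodes.values():
            for t in n.supported_by + n.in_context_of:
                if t not in self.nodes:
                    problems.append(f"{n.id} references missing node {t}")
            if n.kind in ("solution", "context"):
                if n.supported_by or n.in_context_of:
                    problems.append(f"{n.id}: a {n.kind} must be a leaf")
                continue
            # Only goals and strategies from here on.
            for t in n.supported_by:
                if t in self.nodes and self.nodes[t].kind == "context":
                    problems.append(f"{n.id} is SupportedBy context {t}; use InContextOf")
            for t in n.in_context_of:
                if t in self.nodes and self.nodes[t].kind != "context":
                    problems.append(f"{n.id} is InContextOf non-context {t}")
            if not n.supported_by and not n.undeveloped:
                problems.append(f"{n.id}: {n.kind} has no support and is not marked undeveloped")
        if self._has_cycle():
            problems.append("SupportedBy relation contains a cycle")
        return problems

    def _has_cycle(self) -> bool:
        state: Dict[str, int] = {}  # 1 = on the current DFS path, 2 = finished

        def visit(k: str) -> bool:
            if state.get(k) == 1:
                return True
            if state.get(k) == 2:
                return False
            state[k] = 1
            if any(t in self.nodes and visit(t) for t in self.nodes[k].supported_by):
                return True
            state[k] = 2
            return False

        return any(visit(k) for k in self.nodes)


def subordinate_case(hazards: Dict[str, str],
                     causes: Dict[str, List[Tuple[str, str]]]) -> Argument:
    """Instantiate the pattern: one safety argument whose hazard analysis also
    covers threats.  causes[h] lists (cause, "failure" | "threat") pairs."""
    a = Argument()
    a.add(Node("G1", "goal", "System is acceptably safe", ["S1"], ["C1", "C2"]))
    a.add(Node("C1", "context", "Safety analysis includes threat analysis"))
    a.add(Node("C2", "context", "Hazard log: " + ", ".join(hazards)))
    a.add(Node("S1", "strategy", "Argument over each identified hazard",
               ["G_cover"] + [f"G_{h}" for h in hazards]))
    a.add(Node("G_cover", "goal", "All threats which may cause hazards are identified",
               ["Sn_cover"]))
    a.add(Node("Sn_cover", "solution", "Combined safety/threat analysis report"))
    for h, text in hazards.items():
        hazard_causes = causes.get(h, [])
        a.add(Node(f"G_{h}", "goal", f"{h} ({text}) is adequately controlled", [f"S_{h}"]))
        # A hazard with no analysed causes leaves this strategy unsupported; check() reports it.
        a.add(Node(f"S_{h}", "strategy", f"Argument over each cause of {h} (failures and threats)",
                   [f"G_{h}_{i}" for i in range(len(hazard_causes))]))
        for i, (cause, kind) in enumerate(hazard_causes):
            a.add(Node(f"G_{h}_{i}", "goal", f"{kind} '{cause}' is mitigated", [f"Sn_{h}_{i}"]))
            a.add(Node(f"Sn_{h}_{i}", "solution", f"Verification evidence for '{cause}'"))
    return a


# Constructed data: one hazard with one failure cause and one threat cause.
HAZARDS = {"H1": "unintended acceleration"}
CAUSES = {"H1": [("pedal sensor stuck", "failure"), ("forged CAN torque frame", "threat")]}

if __name__ == "__main__":
    print("violations:", subordinate_case(HAZARDS, CAUSES).check() or "none")
    print(subordinate_case({"H1": "x", "H2": "y"}, CAUSES).check())
```

Keeping the argument as data rather than as a drawing is what makes the pattern's promise enforceable: the "all threats identified" goal only carries weight if every hazard in the log actually has its causes argued over, and the checker turns a missing branch into a finding instead of a blank spot on a diagram.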
19. Related Work
• Many works on safety cases: no need to mention them.
• A few works on security cases:
  – Alexander, R., Hawkins, R., Kelly, T.: Security Assurance Cases: Motivation and the State of the Art.
  – Goodenough, J., Lipson, H.F., Weinstock, C.B.: Arguing Security - Creating Security Assurance Cases.
• Interactions between a safety case and a security case:
  – Bloomfield, R.E., Netkachova, K., Stroud, R.J.: Security-Informed Safety: If It's Not Secure, It's Not Safe.
    • Build a safety case first and analyze the impact of security on that safety case.
• Our approach does not provide any means to analyze feature interactions between safety and security; it only provides possible combinations in process and case patterns.

20. Conclusion
• Our contributions are twofold:
  – Process patterns are provided which show how safety and security processes could be integrated, based on a survey of existing standards and research.
  – Case patterns are then derived from those process patterns.
  – These patterns would help practitioners working on safety-critical systems to develop their own safety/security engineering processes and to see what critical issues they should address.
• Future work:
  – In railway standards, it is not yet certain how a safety case (EN 50126/IEC 62278) could include security features. Our case patterns show a baseline for filling this gap.
  – We are currently planning to incorporate security features into the UK Civil Aviation Authority (CAA) safety case using the subordinate approach: IN-2014/184, Small Unmanned Aircraft: Congested Areas Operating Safety Case (CAOSC).