Amna Altaf
Integrated design framework for facilitating systems-theoretic process analysis.
Altaf, Amna; Faily, Shamal; Dogan, Huseyin; Thron, Eylem; Mylonas, Alexios
Authors
Shamal Faily
Huseyin Dogan
Eylem Thron
Alexios Mylonas
Contributors
Sokratis Katsikas
Editor
Costas Lambrinoudakis
Editor
Nora Cuppens
Editor
John Mylopoulos
Editor
Christos Kalloniatis
Editor
Weizhi Meng
Editor
Steven Furnell
Editor
Frank Pallas
Editor
J�rg Pohle
Editor
M. Angela Sasse
Editor
Habtamu Abie
Editor
Silvio Ranise
Editor
Luca Verderame
Editor
Enrico Cambiaso
Editor
Jorge Maestre Vidal
Editor
Marco Antonio Sotelo Monge
Editor
Abstract
Systems-Theoretic Process Analysis (STPA) helps mitigate identified safety hazards leading to unfortunate situations. Usually, a systematic step-by-step approach is followed by safety experts irrespective of any software based tool-support, but identified hazards should be associated with security risks and human factors issues. In this paper, a design framework using Integrating Requirements and Information Security (IRIS) and open source Computer Aided Integration of Requirements and Information Security (CAIRIS) tool-support is used to facilitate the application of STPA. Our design framework lays the foundation for resolving safety, security and human factors issues for critical infrastructures. We have illustrated this approach with a case study based on real life Cambrian Coast Line Railway incident.
Citation
ALTAF, A., FAILY, S., DOGAN, H., THRON, E. and MYLONAS, A. 2022. Integrated design framework for facilitating systems-theoretic process analysis. In Katsikas, S., Lambrinoudakis, C., Cuppens, N. et al (eds.) Computer security: 26th European symposium on research in computer security (ESORICS 2021) international workshops: selected papers from 7th workshop on the security of industrial control systems of cyber-physical systems (CyberICPS 2021), co-located with SECPRE, ADIoT, SPOSE, CPS4CIP, CDT and SECOMANE, 4-8 October 2021, Darmstadt, Germany. Lecture notes in computer science (LNCS), 13106. Cham: Springer [online], pages 58-73. Available from: https://doi.org/10.1007/978-3-030-95484-0_4
Presentation Conference Type | Conference Paper (published) |
---|---|
Conference Name | 7th Workshop on the security of industrial control systems and of cyber-physical systems (CyberICPS 2021), co-located with the 26th European symposium on research in computer security (ESORICS 2021) |
Start Date | Oct 4, 2021 |
End Date | Oct 8, 2021 |
Acceptance Date | Sep 11, 2021 |
Online Publication Date | Feb 8, 2022 |
Publication Date | Dec 31, 2022 |
Deposit Date | Oct 5, 2021 |
Publicly Available Date | Feb 9, 2023 |
Publisher | Springer |
Peer Reviewed | Peer Reviewed |
Pages | 58-73 |
Series Title | Lecture notes in computer science (LNCS) |
Series Number | 13106 |
Series ISSN | 0302-9743 ; 1611-3349 |
Book Title | Computer security: ESORICS 2021 international workshops: revised selsected papers from CyberICPS, SECPRE, ADIoT, SPOSE, CPS4CIP, CDT and SECOMANE, 4-8 October 2021, Darmstadt, Germany |
ISBN | 9783030954833 |
DOI | https://doi.org/10.1007/978-3-030-95484-0_4 |
Keywords | Systems-theoretic process analysis (STPA); Integrating reuirements and information security (IRIS); Computer-aided integration of requirements and information security (CAIRIS); Critical infrastructure; Safety; Systems security; Rail industry; Human-compu |
Public URL | https://rgu-repository.worktribe.com/output/1456206 |
Files
ALTAF 2022 Integrated design framework (AAM)
(903 Kb)
PDF
Copyright Statement
This version of the contribution has been accepted for publication after peer review, but is not the Version of Record and does not reflect post-acceptance improvements, or any corrections. The Version of Record will be available online at: https://link.springer.com/10.1007/978-3-030-95484-0_4. Use of this Accepted Version is subject to the publisher’s Accepted Manuscript terms of use https://www.springernature.com/gp/open-research/policies/accepted-manuscript-terms.
You might also like
Privacy goals for the data lifecycle.
(2022)
Journal Article
Assessing system of systems information security risk with OASoSIS.
(2022)
Journal Article
Visualising personas as goal models to find security tensions.
(2021)
Journal Article
Evaluating privacy: determining user privacy expectations on the web.
(2021)
Journal Article
DPIA in context: applying DPIA to assess privacy risks of cyber physical systems.
(2020)
Journal Article
Downloadable Citations
About OpenAIR@RGU
Administrator e-mail: publications@rgu.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2024
Advanced Search