Integrated design framework for facilitating systems-theoretic process analysis.
Altaf, Amna; Faily, Shamal; Dogan, Huseyin; Thron, Eylem; Mylonas, Alexios
M. Angela Sasse
Jorge Maestre Vidal
Marco Antonio Sotelo Monge
Systems-Theoretic Process Analysis (STPA) helps mitigate identified safety hazards leading to unfortunate situations. Usually, a systematic step-by-step approach is followed by safety experts irrespective of any software-based tool support, but identified hazards should be associated with security risks and human factors issues. In this paper, a design framework using Integrating Requirements and Information Security (IRIS) and open-source Computer Aided Integration of Requirements and Information Security (CAIRIS) tool support is used to facilitate the application of STPA. Our design framework lays the foundation for resolving safety, security and human factors issues for critical infrastructures. We have illustrated this approach with a case study based on the real-life Cambrian Coast Line Railway incident.
ALTAF, A., FAILY, S., DOGAN, H., THRON, E. and MYLONAS, A. 2022. Integrated design framework for facilitating systems-theoretic process analysis. In Katsikas, S., Lambrinoudakis, C., Cuppens, N. et al (eds.) Computer security: 26th European symposium on research in computer security (ESORICS 2021) international workshops: selected papers from 7th workshop on the security of industrial control systems of cyber-physical systems (CyberICPS 2021), co-located with SECPRE, ADIoT, SPOSE, CPS4CIP, CDT and SECOMANE, 4-8 October 2021, Darmstadt, Germany. Lecture notes in computer science (LNCS), 13106. Cham: Springer [online], pages 58-73. Available from: https://doi.org/10.1007/978-3-030-95484-0_4
|Conference Name||7th Workshop on the security of industrial control systems and of cyber-physical systems (CyberICPS 2021), co-located with the 26th European symposium on research in computer security (ESORICS 2021)|
|Conference Location||Darmstadt, Germany|
|Start Date||Oct 4, 2021|
|End Date||Oct 8, 2021|
|Acceptance Date||Sep 11, 2021|
|Online Publication Date||Feb 8, 2022|
|Publication Date||Dec 31, 2022|
|Deposit Date||Oct 5, 2021|
|Publicly Available Date||Feb 9, 2023|
|Series Title||Lecture notes in computer science (LNCS)|
|Series ISSN||0302-9743 ; 1611-3349|
|Book Title||Computer security: ESORICS 2021 international workshops: revised selected papers from CyberICPS, SECPRE, ADIoT, SPOSE, CPS4CIP, CDT and SECOMANE, 4-8 October 2021, Darmstadt, Germany|
|Keywords||Systems-theoretic process analysis (STPA); Integrating requirements and information security (IRIS); Computer-aided integration of requirements and information security (CAIRIS); Critical infrastructure; Safety; Systems security; Rail industry; Human-compu|
ALTAF 2022 Integrated design framework (AAM)