Author: Zhensheng Guo; Zeckzer, D.; Liggesmeyer, P.; Mäckel, O.; AG Software Eng.: Dependability, Univ. of Kaiserslautern, Kaiserslautern, Germany Source:


Author: Zhensheng Guo; Zeckzer, D.; Liggesmeyer, P.; Mäckel, O.; AG Software Eng.: Dependability, Univ. of Kaiserslautern, Kaiserslautern, Germany Source: Software Engineering Advances (ICSEA), 2010 Fifth International Conference Presented by Jui-Lung Yao, Master Student of CSIE, CCU Identification of Security-Safety Requirements for the outdoor robot RAVON using Safety Analysis Techniques 1

Outline Introduction Identify the requirement Safety analysis techniques Security analysis techniques Safety and Security analysis techniques Case study Conclusion & Future work 2


Introduction In order to identify such security-safety requirements, e.g., security attacks that have safety consequences, it is important to find effective techniques for concurrently identifying possible safety failures, their probabilities, and countermeasures and security attacks, vulnerabilities, likelihoods, and protection measures. 4


Identify the requirement In order to identify the requirements, it is essential to elicit the possible requirements from the different stakeholders. During requirements elicitation, the developers try to talk to possible stakeholders with the aim of identifying a complete set of requirements. Scenarios-based techniques are widely used both in theory and in industry. 6

Scenarios-based techniques Scenario descriptions based on domain-related terms are often expressed using natural language. Scenarios may be represented in a variety of media: natural language text, graphics, images, videos or designed prototypes. Furthermore, a modeling language providing semi-formal or formal notations may exist. 7

Scenarios-based techniques A general narrative scenario example 8

Goal Structuring Notation (GSN) The Goal Structuring Notation (GSN) explicitly represents the individual elements of any safety argument (requirements, claims, evidence and context) and (perhaps more significantly) the relationships that exist between these elements (i.e. how individual requirements are supported by specific claims, how claims are supported by evidence and the assumed context that is defined for the argument). 9

Goal Structuring Notation (GSN) A graphical argumentation notation. 10

Goal-Directed Requirements Acquisition (KAOS) A conceptual model for acquiring and structuring requirements models, with an associated acquisition language. A set of strategies for elaborating requirements models in KAOS framework. An automated assistant to provide guidance in the acquisition process according to such strategies. 11

Goal-Directed Requirements Acquisition (KAOS) (Organizational) goals lead to requirements. Goals justify and explain requirements which are not necessarily comprehensible by stakeholders. Goals can be used to assign responsibilities to agents so that prescribed constraints can be met. Goals provide basic information for detecting and resolving conflicts that arise from multiple viewpoints. 12


Failure modes and effects analysis FMEA was developed as a formal methodology in the 1960s in response to the special safety needs of the aircraft industry. An FMEA is a procedure in product development and operations management for analyzing potential failure modes within a system and classifying them by the severity and likelihood of the failures. 14

Fault tree analysis Fault tree analysis (FTA) is a top down, deductive failure analysis in which an undesired state of a system is analyzed using boolean logic to combine a series of lower-level events. 15


Security analysis techniques Fault tree analysis for security (sometimes referred to as threat tree or attack tree analysis) is a top-down approach to identifying vulnerabilities. In a fault tree, the attacker's goal is placed at the top of the tree. Then, the analyst documents possible alternatives for achieving that attacker goal. 17

Security analysis techniques (cont’d) For each alternative, the analyst may recursively add precursor alternatives for achieving the subgoals that compose the main attacker goal. This process is repeated for each attacker goal. By examining the lowest level nodes of the resulting attack tree, the analyst can then identify all possible techniques for violating the system's security; preventions for these techniques could then be specified as security requirements for the system. 18

Security analysis techniques (cont’d) Failure Modes and Effects Analysis (FMEA) is a bottom-up approach for analyzing possible security failures. The consequences of a simultaneous failure of all existing or planned security protection mechanisms are documented, and the impact of each failure on the system's mission and stakeholders is traced. 19


Safety and Security analysis techniques
1. Identification of analysis objects.
2. Qualitative and quantitative analysis.
3. For the safety domain, failure causes, modes, effects, hazards, probability and cost of the risk exposure are used.
4. In contrast, for the security domain, attacks, vulnerability, likelihood, financial losses, protective measures, etc. are utilized.
5. Prioritization of the functions. 21


Case study This case study was performed on the Robust Autonomous Vehicle for Off-road Navigation (RAVON). RAVON is an automatic outdoor robot, which is designed for supporting human beings in dangerous areas or dangerous activities such as fire extinguishing, handling of toxic materials, etc. 23

Case study The robot weighs around 750 kg and can navigate in the field using sensors like 2-D scanners, 3-D scanners, GPS receivers, and controllers such as industry PCs, as well as software controllers, actuators, and motors. It can move with a maximum speed of 3 meters per second. 24

Case study 25 First of all, a bottom-up safety analysis such as FME(C)A will be performed to identify possible failure reasons, failure modes, and failure effects or hazards that are associated with the identified functions. Afterwards, a fault tree analysis could be conducted based on a selected failure behavior and its possible causes.

Case study 26 Safety fault tree The figure shows the possible causes of the malfunction of the bumper.

Case study 27 Security attack tree In this figure, the top event "RAVON fails" occurs if one of the following attacks is successful : "physical attack" or "attack via software".

Case study 28 Security-safety fault tree In the Figure, the bumper related security tree branch "safety control deactivated" is added in the safety fault tree as an intermediate event under intermediate event "bumper contact bar fails".

Case study 29 Safety control software as mentioned in the fault tree analysis. "The safety bumper should ensure the functionality of the safety chain." According to the performed security-safety analysis, they could derive the following security-safety requirements:

Case study 30 "The safety bumper should ensure the functionality of the safety chain. A monitoring mechanism should check the current status of the bumper continuously. If a defect of the bumper is detected, the RAVON braking system will be activated and the wheels will be stopped immediately. In addition, a firewall and an up-to-date antivirus application should be installed in RAVON, in order to protect RAVON from unauthorized and unauthenticated remote access."
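The merged security-safety fault tree (slide 28) and the monitoring requirement derived from it (slide 30) can be checked mechanically. The following is an added example, not code from the paper or the RAVON project: a small fault-tree evaluator that builds a tree shaped like the one on the slides (the security branch "safety control deactivated" placed under "bumper contact bar fails"), lists its minimal cut sets, and shows how the monitoring requirement changes them. The basic-event names below the slide-level events and all probabilities are constructed assumptions.

```python
from dataclasses import dataclass, field
from itertools import product
from math import prod

# Constructed fault tree in the shape of the RAVON security-safety tree on the
# slides; basic-event names and probabilities are assumptions, not paper values.

@dataclass
class Node:
    name: str
    gate: str = "BASIC"          # "BASIC", "OR" or "AND"
    p: float = 0.0               # failure probability / attack likelihood of a basic event
    children: list = field(default_factory=list)

def cut_sets(node):
    """Minimal cut sets: smallest sets of basic events that make `node` occur."""
    if node.gate == "BASIC":
        return [frozenset([node.name])]
    per_child = [cut_sets(c) for c in node.children]
    if node.gate == "OR":                       # any one child suffices
        sets = [s for cs in per_child for s in cs]
    else:                                       # AND: one cut set from every child
        sets = [frozenset().union(*combo) for combo in product(*per_child)]
    uniq = set(sets)                            # discard supersets of other cut sets
    return sorted((s for s in uniq if not any(o < s for o in uniq)),
                  key=lambda s: (len(s), sorted(s)))

def probability(node):
    """Top-event probability assuming independent basic events."""
    if node.gate == "BASIC":
        return node.p
    ps = [probability(c) for c in node.children]
    return prod(ps) if node.gate == "AND" else 1 - prod(1 - q for q in ps)

def build_tree(with_monitor):
    """Security-safety tree; with_monitor adds the slide-30 monitoring requirement."""
    hardware = Node("bumper hardware fault", "OR",
                    children=[Node("contact bar stuck", p=1e-3),
                              Node("bumper wiring broken", p=5e-4)])
    # security branch taken from the attack tree: both steps are required (AND)
    attack = Node("safety control deactivated", "AND",
                  children=[Node("unauthenticated remote access", p=1e-2),
                            Node("safety control software modified", p=1e-2)])
    bumper = Node("bumper contact bar fails", "OR", children=[hardware, attack])
    if not with_monitor:
        return bumper
    # with continuous monitoring, the monitor must also fail before a defect goes unnoticed
    return Node("bumper defect not stopped", "AND",
                children=[bumper, Node("bumper monitor fails", p=1e-3)])
```

Without the monitor, each hardware fault is a single-point cut set and the attack branch adds a two-event cut set; with the monitor every cut set also requires the monitor to fail, and the top-event probability drops by the monitor's failure probability.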


Conclusion In this paper, they have described how safety analysis techniques can help to facilitate identification of security-safety requirements. A mapping and comparison of the two models after the security and safety analysis is unavoidable in harmonizing the security and safety requirements. 32

Conclusion The case study shows that this drawback can be resolved better, more cost-efficiently, and more effectively by using one identical model that is constructed by safety analysis techniques. 33

Future work The conflict between these two types of requirements was not addressed. Investigation aimed at adapting other safety analysis techniques to security analysis. The derivation of the security-safety requirements is currently performed manually based on the functional requirements and safety analysis results (e.g., failure modes and countermeasures). 34

Thanks for listening 35