TY - GEN
T1 - The Marriage Between Safety and Cybersecurity
T2 - 27th International Symposium on Model Checking Software, SPIN 2021
AU - Stoelinga, Marielle
AU - Kolb, Christina
AU - Nicoletti, Stefano M.
AU - Budde, Carlos E.
AU - Hahn, Ernst Moritz
N1 - Funding Information:
This work was partially funded by ERC Consolidator Grant 864075 (CAESAR).
Publisher Copyright:
© 2021, Springer Nature Switzerland AG.
PY - 2021/8/3
Y1 - 2021/8/3
N2 - Emerging technologies, like self-driving cars, drones, and the Internet-of-Things must not impose threats to people, neither due to accidental failures (safety), nor due to malicious attacks (security). As historically separated fields, safety and security are often analyzed in isolation. They are, however, heavily intertwined: measures that increase safety often decrease security and vice versa. Also, security vulnerabilities often cause safety hazards, e.g. in autonomous cars. Therefore, for effective decision-making, safety and security must be considered in combination. This paper discusses three major challenges that a successful integration of safety and security faces: (1) The complex interaction between safety and security; (2) The lack of efficient algorithms to compute system-level risk metrics; (3) The lack of proper risk quantification methods. We will point out several research directions to tackle these challenges, exploiting novel combinations of mathematical game theory, stochastic model checking, as well as the Bayesian, fuzzy, and Dempster-Shafer frameworks for uncertainty reasoning. Finally, we report on early results in these directions.
KW - attack trees
KW - fault tree-attack tree integration
KW - fault trees
KW - interaction
KW - model-based
KW - safety
KW - security
U2 - 10.1007/978-3-030-84629-9_1
DO - 10.1007/978-3-030-84629-9_1
M3 - Conference contribution
AN - SCOPUS:85113710645
SN - 9783030846282
VL - 12864
T3 - Lecture Notes in Computer Science
SP - 3
EP - 21
BT - Model Checking Software - 27th International Symposium, SPIN 2021, Proceedings
A2 - Laarman, Alfons
A2 - Sokolova, Ana
PB - Springer Science and Business Media Deutschland GmbH
Y2 - 12 July 2021 through 12 July 2021
ER -