304
views
0
recommends
+1 Recommend
1 collections
    4
    shares
       
      • Record: found
      • Abstract: found
      • Conference Proceedings: found
      Is Open Access

      A Model-based Approach to Interdependency between Safety and Security in ICS

      proceedings-article
      ,
      3rd International Symposium for ICS & SCADA Cyber Security Research 2015 (ICS-CSR 2015) (ICS-CSR)
      Industrial Control System & SCADA Cyber Security Research (ICS-CSR)
      17 - 18 September 2015
      safety, security, answer set programming, interdependency between safety and security
      Bookmark

            Abstract

            Wide use of modern ICT technologies brings not only communication efficiency, but also security vulnerabilities into industrial control systems. Traditional physically-isolated systems are now required to take cyber security into consideration, which might also lead to system failures. However, integrating security and safety analysis has always been a challenging issue and the various interdependencies between them make it even more difficult, because they might mutually enhance, or undermine. The paper proposes an integrating framework to (i) formalise the desired and undesired properties to be safe(unsafe) or secure(insecure), including the dependencies between them, (ii) evaluate if a query state reaches a safe(unsafe) or secure(insecure) state, and further quantify how safe or secure the state is. In this way,we can accurately capture the benign and harmful relations between safety and security, particularly detecting and measuring conflicting impacts on them. Finally, this framework is implemented by answer set programming to enable automatic evaluation, which is demonstrated by a case study on pipeline transportation.

            Content

            Author and article information

            Contributors
            Conference
            September 2015
            September 2015
            : 31-41
            Affiliations
            [0001]Institute for Security Science and Technology

            Imperial College London

            London, UK
            Article
            10.14236/ewic/ICS2015.4
            b353dfd2-ec78-4a6b-b5bb-7bc8dd3cf817
            © Li et al. Published by BCS Learning & Development Ltd. Proceedings of the 3 rd International Symposium for ICS & SCADA Cyber Security Research 2015

            This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

            3rd International Symposium for ICS & SCADA Cyber Security Research 2015 (ICS-CSR 2015)
            ICS-CSR
            3
            Germany
            17 - 18 September 2015
            Electronic Workshops in Computing (eWiC)
            Industrial Control System & SCADA Cyber Security Research (ICS-CSR)
            Product
            Product Information: 1477-9358BCS Learning & Development
            Self URI (article page): https://www.scienceopen.com/hosted-document?doi=10.14236/ewic/ICS2015.4
            Self URI (journal page): https://ewic.bcs.org/
            Categories
            Electronic Workshops in Computing

            Applied computer science,Computer science,Security & Cryptology,Graphics & Multimedia design,General computer science,Human-computer-interaction
            safety,security,answer set programming,interdependency between safety and security

            References

            1. 2007 A unified framework for risk and vulnerability analysis covering both safety and security Reliability Eng. Syst. Safety 92 6 745 754

            2. 2003 Knowledge representation, reasoning and declarative problem solving Cambridge, U.K Cambridge University Press

            3. , 2013 Security-informed safety: If its not secure, its not safe Software Engineering for Resilient Systems Berlin, Germany Springer 17 32

            4. 1999 The integration of safety and security requirements Computer Safety, Reliability and Security Berlin, Germany Springer 468 480

            5. 2011 Potassco: The Potsdam answer set solving collection AI Commun 24 2 107 124

            6. 2009 Advice from belnap policies IEEE 22nd Computer Security Foundations Symposium 234 247

            7. , 2014 Safety and security interactions modeling using the BDMP formalism: Case study of a pipeline Computer Safety, Reliability, and Security Berlin, Germany Springer 326 341

            8. 2015 A survey of approaches combining safety and security for industrial control systems Reliability Eng. Syst. Safety 139 156 178

            9. 2012 Robust control system networks how to achieve reliable control after stuxnet

            10. 2009 D-algebra for composing access control policy decisions Proceedings of the 4th International Symposium on Information, Computer, and Communications Security ACM 298 309

            11. 2007 Common approach to functional safety and system security in building automation and control systems IEEE Conference Emerging Technologies and Factory Automation 1141 1148

            12. 2010 Modeling safety and security interdependencies with BDMP (boolean logic driven markov processes) IEEE International Conference Systems Man and Cybernetics (SMC) 2852 2861

            13. 2010 The SEMA referential framework: Avoiding ambiguities in the terms security and safety Int. J. Critical Infrastruct. Protection 3 2 55 66

            14. 2009 Addressing safety and security contradictions in cyber-physical systems Proceedings of the 1st Workshop on Future Directions in Cyber-Physical Systems Security (CPSSW09)

            15. 2014. 2014 A pragmatic approach towards safe and secure medical device integration Computer Safety, Reliability, and Security Berlin, Germany Springer 342 353

            Comments

            Comment on this article