Minimal Critical Sequences in Model-based Safety and Security Analyses: Commonalities and Differences

Published: 13 July 2023

Abstract

Discrete event systems are increasingly used as a modeling tool to assess the safety and cybersecurity of complex systems. In both cases, the analysis relies on the extraction of critical sequences. This approach proves to be very powerful. It suffers, however, from the combinatorial explosion of the number of sequences to examine. To push the limits of what is feasible with reasonable computational resources, extraction algorithms use cutoffs and minimality criteria.

In this article, we review the principles of extraction algorithms, and we show that there are important differences between critical sequences extracted in the context of safety analyses and those extracted in the context of cybersecurity analyses. Based on this thorough comparison, we introduce a new cutoff criterion, which we call the footprint, that aims to capture the willfulness of an intruder performing a cyberattack. We illustrate our presentation by means of three case studies, one focused on the analysis of failures and two focused on the analysis of cyberattacks and their effects on safety. We show experimentally the value of the footprint criterion.


Cited By

• (2024) Attack Scenarios Generation Algorithm Based on Discrete Event System Formalism. ACM SIGAda Ada Letters 43, 2 (100–104). DOI: 10.1145/3672359.3672376. Online publication date: 7 June 2024.

Published In

ACM Transactions on Cyber-Physical Systems, Volume 7, Issue 3
July 2023, 154 pages
ISSN: 2378-962X
EISSN: 2378-9638
DOI: 10.1145/3608967
Editor: Chenyang Lu

Publisher

Association for Computing Machinery, New York, NY, United States

Publication History

Published: 13 July 2023
Online AM: 02 May 2023
Accepted: 11 April 2023
Revised: 24 March 2023
Received: 29 July 2022
Published in TCPS Volume 7, Issue 3


Author Tags

1. Safety
2. cybersecurity
3. critical sequences
4. model-based safety analyses
5. model-based security analyses


Funding Sources

• CY Initiative d’Excellence and Airbus Protect
