Introduction to STPA-Sec

Abstract

The security of cyber-physical systems is first and foremost a safety problem, yet it is typically handled as a traditional security problem: solutions are based on defending against threats and are often implemented too late. This traditional security approach neglects the context in which the system is intended to operate, so system safety may be compromised, or resources are spent on security solutions that are not needed for system safety or mission success. This chapter presents a systems-theoretic analysis approach that combines a system's mission context and stakeholder perspectives with a modified version of the Systems-Theoretic Accident Model and Process (STAMP), allowing decision-makers to strategically enhance the safety, resilience, and security of a system against potential threats. The methodology captures vital mission-specific information in a model, which then lets analysts identify and mitigate vulnerabilities in the locations most critical to mission success. The chapter first motivates the need for the approach, then presents an overview of the general approach, followed by a real example using an unmanned aerial vehicle conducting a reconnaissance mission.

Leads

Cody Fleming

Iowa State University

