Introduction to STPA-Sec
Abstract
The security of cyber-physical systems is first and foremost a safety problem, yet it is typically handled as a traditional security problem: solutions are built around defending against threats and are often implemented too late. This traditional security approach neglects the context in which the system is intended to operate, so system safety may be compromised, or resources are spent on security solutions that are not needed for system safety or mission success. This chapter presents a systems-theoretic analysis approach that combines a system's mission context and stakeholder perspectives with a modified version of the Systems-Theoretic Accident Model and Process (STAMP), allowing decision-makers to strategically enhance the safety, resilience, and security of a system against potential threats. The methodology captures vital mission-specific information in a model, which then allows analysts to identify and mitigate vulnerabilities in the locations most critical to mission success. The chapter first motivates the need for the approach, then presents an overview of the general approach, followed by a real example using an unmanned aerial vehicle conducting a reconnaissance mission.
Leads
Cody Fleming
Iowa State University