
METAMODEL FOR SAFETY AND SECURITY INTEGRATED SYSTEM ARCHITECTURE MODELING

Published online by Cambridge University Press: 27 July 2021

Authors: Aschot Kharatyan*, Julian Tekaat, Sergej Japs, Harald Anacker, Roman Dumitrescu
Affiliation (all authors): Fraunhofer Research Institute for Mechatronic Systems Design IEM
* Corresponding author: Kharatyan, Aschot, Fraunhofer Research Institute for Mechatronic Systems Design IEM, Product Engineering, Germany, [email protected]

Abstract


As digitization progresses, the integration of information and communication technologies into technical systems is constantly increasing. This opens up attractive value potentials (e.g. autonomous driving), but also creates challenges for system development. The constantly increasing product complexity and degree of networking call for a systemic development approach, which established Model-Based Systems Engineering (MBSE) approaches provide. To ensure the reliability of tomorrow's systems, an integrated and early consideration of security and safety is additionally required. In order to show the possibility and consequences of failures and attacks, this paper develops a modeling language that links established and partly isolated security and safety approaches within a consistent metamodel. The developer is thereby enabled to synthesize system architectures transparently on an interdisciplinary level and to analyze attack and failure propagation in an integrated way. The approach uncovers synergetic and, in particular, conflicting goals and effects of architectural designs in terms of safety and security, so that adequate architectural decisions can be made on the basis of trade-off analyses.

Type: Article

Licence: Creative Commons CC BY-NC-ND. This is an Open Access article, distributed under the terms of the Creative Commons Attribution-NonCommercial-NoDerivatives licence (http://creativecommons.org/licenses/by-nc-nd/4.0/), which permits non-commercial re-use, distribution, and reproduction in any medium, provided the original work is unaltered and is properly cited. The written permission of Cambridge University Press must be obtained for commercial re-use or in order to create a derivative work.

Copyright: The Author(s), 2021. Published by Cambridge University Press
