A Comparative Study of STPA-Extension and the UFoI-E Method for Safety and Security Co-analysis

Cited by: 17
Authors
Guzman, Nelson H. Carreras [1 ,2 ]
Zhang, Jin [1 ,3 ]
Xie, Jing [4 ]
Glomsrud, Jon Arne [4 ]
Affiliations
[1] Tech Univ Denmark DTU, Engn Syst Design Sect, DK-2800 Lyngby, Denmark
[2] Norwegian Univ Sci & Technol NTNU, Dept Mech & Ind Engn, N-7034 Trondheim, Norway
[3] Norwegian Univ Sci & Technol NTNU, Dept Comp Sci, N-7034 Trondheim, Norway
[4] DNV GL, Grp Technol & Res, N-1363 Hovik, Norway
Keywords
Safety and security; comparative study; risk identification; cyber-physical systems (CPSs); autonomous ship; RISK;
DOI
10.1016/j.ress.2021.107633
CLC classification
T [Industrial technology];
Discipline classification
08;
Abstract
Emerging challenges in cyber-physical systems (CPSs) have been encouraging the development of safety and security co-analysis methods. These methods aim at mitigating the new risks associated with the convergence of safety-related systemic flaws and security-related cyber-attacks that have led to major losses in CPSs. Although several studies have reviewed existing safety and security co-analysis methods, only a few empirical studies have attempted to compare their strengths and limitations to guide risk analysis in practice. This paper bridges the gap between two novel safety and security co-analysis methods and their practical implementations. Namely, this paper compares a novel extension of the System-Theoretic Process Analysis (STPA-Extension) and the Uncontrolled Flows of Information and Energy (UFoI-E) method through a common case study. In our case study, the CPS under analysis is a conceptual autonomous ship. We conducted our comparative study as two independent teams to guarantee that the implementation of one method did not influence the other method. Furthermore, we developed a comparative framework that evaluates the relative completeness and the effort required in each analysis. Finally, we propose a tailored combination of these methods, exploiting their unique strengths to achieve more complete and cost-effective risk analysis results.
Pages: 18