dc.contributor.author | Torkildson, Erik Nilsen | |
dc.contributor.author | Li, Jingyue | |
dc.contributor.author | Johnsen, Stig Ole | |
dc.date.accessioned | 2019-11-18T12:39:45Z | |
dc.date.available | 2019-11-18T12:39:45Z | |
dc.date.created | 2019-10-15T10:44:29Z | |
dc.date.issued | 2019 | |
dc.identifier.isbn | 978-981-11-2724-3 | |
dc.identifier.uri | http://hdl.handle.net/11250/2629050 | |
dc.description.abstract | Many safety and security co-analysis methods have been proposed to assure the safety of critical systems, including autonomous systems. One example of safety and security co-analysis approach is Systems-Theoretic Process Analysis (STPA) plus STPA-Sec. When using STPA combined with STPA-Sec, the security analysis is performed as part of the causal factor analysis, which is after the safety risk analysis. Few studies have questioned whether such an approach can be improved and how to improve it. In our study, we tried to answer two research questions (RQs): RQ1) Could we improve STPA-Sec by complementing it with threat modeling approaches? RQ2) Could we find more safety risks if we perform security analysis before safety analysis? We performed safety and security coanalysis of an autonomous boat to answer these research questions. Results of the study show that performing security analysis before safety analysis identifies more safety risks than the other way around. To be combined with STPA-Sec, threat modeling based on the data flow diagram outperforms other threat modeling approaches we evaluated. | nb_NO |
dc.language.iso | eng | nb_NO |
dc.publisher | Research Publishing Services | nb_NO |
dc.relation.ispartof | Proceedings of the 29th European Safety and Reliability Conference(ESREL). 22 – 26 September 2019 Hannover, Germany | |
dc.title | Improving Security and Safety Co-analysis of STPA | nb_NO |
dc.type | Chapter | nb_NO |
dc.description.version | publishedVersion | nb_NO |
dc.identifier.cristin | 1737124 | |
dc.description.localcode | This chapter will not be available due to copyright restrictions (c) 2019 by Research Publishing Services | nb_NO |
cristin.unitcode | 194,63,10,0 | |
cristin.unitname | Institutt for datateknologi og informatikk | |
cristin.ispublished | true | |
cristin.qualitycode | 1 | |