Interplay of security and safety.

In system engineering, security and safety may be compromised in several system layers and life cycle stages. Usually, security and safety are considered when design decisions are made, leading to potential conflict. This brings tremendous challenges during system design and integration. Just consider CPS and the added complexity and connectivity they offer. For example, the security of cars has already been compromised with the possibility to interact with different safety-related functionality, like releasing the brakes while driving. Thus, security and safety in CPS can only be addressed holistically. The ideas of system architecture, safety and security modeling and analysis are not new [1], but to the best of our knowledge, the interplay and integration of system security, safety and the rest of the architecture has not been well addressed. In this work, we will focus particularly on the interplay between safety, security and the system architecture; we aim at providing methodological and tool support for their design in unison. The patterns that are at the heart of our system and software engineering process reflect security and safety solutions at several levels of abstractions (e.g., different systems engineering life-cycle stages, different architecture layers). In our vision, a security or safety pattern [2,3] is a subsystem exposing pattern functionalities through interfaces and solutions behavior and targeting security and safety properties. In this project, we propose a preliminary modeling framework of security and safety properties of design patterns and some of their interplay primitives. The proposed interplay specification makes an attempt to model the resulting effect between security and safety attributes of two interacting patterns. The interplay specification structure can capture the results of combined security and safety specifications of two participating patterns in an interaction. The targeted security and safety modeling syntax will provide a simple formalism for specifying the security and safety properties of individual patterns on which the interplay relationship among patterns can be established. At the core of the framework is a set of Domain Specific Modeling Languages (DSML) and model transformations. Emphasis will be placed on formally defining abstract and concrete syntaxes, as well as the semantics of the modeling languages, e.g., by translation to existing formal languages. This will enable us to verify models using formal analysis.

Bibliography.

[1] Kriaa, S., Pietre-Cambacedes, L., Bouissou, M., Halgand, Y., 2015. A survey of approaches combining safety and security for industrial control systems. Reliability Engineering System Safety 139, 156-178.

[2] Hamid, B., Guergens, S., Fuchs, A., 2016. Security patterns modeling and formalization for pattern-based development of secure software systems. Innovations in Systems and Software Engineering, Springer 12 (2), 109-140.

[3] Schmidt, H., Juerjens, J., 2011. Connecting Security Requirements Analysis and Secure Design Using Patterns and UMLsec. In: 23rd International Conference on Advanced Information Systems Engineering (CAiSE). Vol. 6741 of LNCS. Springer, pp. 367-382.

To apply, please send your CV at: hamid at irit dot fr

Remarques. The internship will be remunerated. It can be extended to a PhD grant on the same project.