Minimal Critical Sequences in Model-based Safety and Security Analyses: Commonalities and Differences-Reference-Cited by-同舟云学术

Minimal Critical Sequences in Model-based Safety and Security Analyses: Commonalities and Differences

Published:2023-07-13 Issue:3 Volume:7 Page:1-20
ISSN:2378-962X
Container-title:ACM Transactions on Cyber-Physical Systems
language:en
Short-container-title:ACM Trans. Cyber-Phys. Syst.

Author:

Serru Théo¹^ORCID,Nguyen Nga²^ORCID,Batteux Michel³^ORCID,Rauzy Antoine⁴^ORCID

Affiliation:

1. ETIS laboratory–UMR8051, France and Airbus Protect, France

2. Léonard de Vinci Pôle Universitaire, Research Center, France

3. IRT SystemX, France

4. Norvegian University of Science and Technology, Norway

Abstract

Discrete event systems are increasingly used as a modeling tool to assess safety and cybersecurity of complex systems. In both cases, the analysis relies on the extraction of critical sequences. This approach proves to be very powerful. It suffers, however, from the combinatorial explosion of the number of sequences to look at. To push the limits of what is feasible with reasonable computational resources, extraction algorithms use cutoffs and minimality criteria. In this article, we review the principles of extraction algorithms, and we show that there are important differences between critical sequences extracted in the context of safety analyses and those extracted in the context of cybersecurity analyses. Based on this thorough comparison, we introduce a new cutoff criterion, so-called footprint, that aims at capturing the willfulness of an intruder performing a cyberattack. We illustrate our presentation by means of three case studies, one focused on the analysis of failures and two focused on the analysis of cyberattacks and their effects on safety. We show experimentally the interest of the footprint criterion.

Funder

CY Initiative d’Excellence and Airbus Protect

Publisher

Association for Computing Machinery (ACM)

Subject

Artificial Intelligence,Control and Optimization,Computer Networks and Communications,Hardware and Architecture,Human-Computer Interaction

Link

https://dl.acm.org/doi/pdf/10.1145/3593811

Reference46 articles.

1. Christel Baier and Joost-Pieter Katoen. 2008. Principles of Model-Checking. MIT Press, Cambridge, MA.

2. AltaRica 3.0 in ten modelling patterns

3. Michel Batteux, Tatiana Prosvirnova, and Antoine Rauzy. 2022. A guided tour of AltaRica wizard, the AltaRica 3.0 integrated modeling environment. In Proceedings of the 32nd European Safety and Reliability Conference (ESREL’22), Maria Chiara Leva, Edoardo Patelli, Luca Podofillini, and Simon Wilson (Eds.). 2246–2253. Retrieved from https://www.rpsonline.com.sg/proceedings/esrel2022/html/S09-09-308.xml.

4. On the Brittleness of Software and the Infeasibility of Security Metrics

5. Bounded Model Checking

Cited by 1 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Attack Scenarios Generation Algorithm Based on Discrete Event System Formalism;ACM SIGAda Ada Letters;2024-06-06