Method and framework for security risks analysis guided by safety criteria.

MODELS Companion (2020)

Abstract
As previously discussed [19], the challenges of achieving a consistent intertwining between safety and security are diverse and complex. Recent advances in safety and security suggest that risk analyses provide guidance for achieving a comprehensive alignment. However, in many domains, such as aeronautics, security is a rather recent concern, whereas aircraft development has been guided mostly by safety criteria for several decades. This disparity, together with the fact that security is in many respects a discipline still in evolution, imposes restrictions on specifying and applying methods to conduct safety and security co-engineering as a unified process. In this paper, we present the progress in the development of a model-based method, a framework and a tool for conducting a security risk analysis guided by safety criteria and goals. Among other sources, the approach relies on know-how found in the state of the art, in standards such as ED202 and ED203 (EUROCAE), and in open knowledge bases such as CAPEC and CWE (MITRE). These sources are integrated, which allows the instantiation of patterns of attacks, vulnerabilities and architectures, the crucial elements for semi-automating the analysis. A rule-based algorithm for exploring potential attack paths across an architecture is proposed and implemented. The approach is finally demonstrated by analyzing a combined attack-failure path in a Flight Control System that can undermine the safety of a modern aircraft. The framework and tool support seek safety-security by design, and aim to facilitate the reuse of case studies and to establish a basis for repeatability and comparison of results.