Safe and Secure: Mutually Supporting Safety and Security Analyses with Model-Based Suggestions

2021 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW), 2021

Cited by 1 | Views 19

Abstract
Failures in cyber-physical systems, such as trains and cars, are caused either by faults or attacks. The former are addressed by safety engineering, the latter by security analysis. Both disciplines use separate terminology, processes, and tools. However, both rely on a common system architecture and use models such as component fault trees and attack trees, respectively, for their analyses. We posit that the two disciplines should be aligned without entangling their processes or teams, mutually supporting their considerations. For that purpose, assuming a joint system model, we introduce tool support that heuristically suggests correspondences between analysis elements of the two disciplines and, upon user confirmation, derives additional suggestions for analysis. Our tool allows both disciplines to benefit from the analyses of the other, increasing consistency, exhaustiveness, and alignment of the disciplines. Our paper introduces the approach, describes our prototypical tool, and illustrates the concept with a realistic automotive use case.
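The abstract describes a tool that proposes correspondences between component-fault-tree elements and attack-tree elements that share a joint system model, and that derives further suggestions once a user confirms a match. The following is an added illustration of that idea, not the paper's prototype: a small, constructed braking-system model with a handful of safety basic events and attack-tree leaves, a scoring heuristic (same component, same described effect) for candidate correspondences, a coverage check that tells each discipline which components only the other has analysed, and the follow-up suggestions generated from a confirmed pair. All component names, element names, effect strings and the scoring rule are assumptions made for this example.

```python
"""
Added example (not the paper's tool): heuristic cross-discipline
suggestions between a component fault tree (safety) and an attack
tree (security) that reference the same joint system model.
Every name, element and effect below is constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class AnalysisElement:
    discipline: str   # "safety" (fault-tree basic event) or "security" (attack leaf)
    name: str         # element identifier inside its own analysis
    component: str    # component of the joint system model it refers to
    effect: str       # free-text effect on the system, as the analyst wrote it


# constructed joint system model: components of a hypothetical braking function
SYSTEM_MODEL = {"brake_ecu", "wheel_speed_sensor", "can_bus", "telematics_unit"}

# constructed component-fault-tree basic events (safety discipline)
FAULT_EVENTS = [
    AnalysisElement("safety", "sensor_stuck_at", "wheel_speed_sensor", "wrong speed value"),
    AnalysisElement("safety", "bus_message_loss", "can_bus", "brake command lost"),
    AnalysisElement("safety", "ecu_watchdog_reset", "brake_ecu", "brake function unavailable"),
]

# constructed attack-tree leaves (security discipline)
ATTACK_LEAVES = [
    AnalysisElement("security", "spoof_speed_frame", "can_bus", "wrong speed value"),
    AnalysisElement("security", "flood_can_bus", "can_bus", "brake command lost"),
    AnalysisElement("security", "remote_code_exec", "telematics_unit", "attacker controls gateway"),
]


def suggest_correspondences(faults, attacks):
    """Rank (fault, attack) pairs by a simple heuristic score.

    Assumed rule: +1 if both elements reference the same model component,
    +1 if the analysts described the same effect. Pairs with score 0 are
    not suggested. Returns (score, fault_name, attack_name) tuples,
    best first, ties broken alphabetically so the output is deterministic.
    """
    scored = []
    for f in faults:
        for a in attacks:
            score = int(f.component == a.component) + int(f.effect == a.effect)
            if score > 0:
                scored.append((score, f.name, a.name))
    return sorted(scored, key=lambda t: (-t[0], t[1], t[2]))


def coverage_gaps(model, faults, attacks):
    """Components analysed by exactly one discipline.

    The other discipline gets a suggestion to look at that component, which
    is the 'exhaustiveness' benefit the abstract refers to.
    """
    safety_covered = {f.component for f in faults}
    security_covered = {a.component for a in attacks}
    gaps = {}
    for component in sorted(model):
        if component in safety_covered and component not in security_covered:
            gaps[component] = "security: component has fault events but no attack leaves"
        elif component in security_covered and component not in safety_covered:
            gaps[component] = "safety: component has attack leaves but no fault events"
    return gaps


def derived_suggestions(confirmed_pairs, faults, attacks):
    """Follow-ups produced only after a user confirms a correspondence.

    Assumed follow-ups: safety records the attack as an additional
    (malicious) cause of the fault's effect; security reuses the safety
    severity of the matched fault when rating the attack's impact.
    """
    by_name = {e.name: e for e in faults + attacks}
    suggestions = []
    for fault_name, attack_name in confirmed_pairs:
        f, a = by_name[fault_name], by_name[attack_name]
        suggestions.append(
            f"safety: add '{a.name}' as a malicious cause of '{f.effect}' under '{f.name}'")
        suggestions.append(
            f"security: rate impact of '{a.name}' using the safety severity of '{f.name}'")
    return suggestions


if __name__ == "__main__":
    for score, fault, attack in suggest_correspondences(FAULT_EVENTS, ATTACK_LEAVES):
        print(f"candidate (score {score}): {fault} <-> {attack}")
    for component, hint in coverage_gaps(SYSTEM_MODEL, FAULT_EVENTS, ATTACK_LEAVES).items():
        print(f"gap on {component}: {hint}")
    # the user confirms the top-ranked candidate; both disciplines get follow-ups
    for line in derived_suggestions([("bus_message_loss", "flood_can_bus")],
                                    FAULT_EVENTS, ATTACK_LEAVES):
        print(line)
```

With the constructed data, the best candidate is the CAN-bus message-loss event paired with the bus-flooding attack (same component and same effect), two weaker candidates share only a component or only an effect, and the coverage check reports that the brake ECU and wheel-speed sensor have no security analysis while the telematics unit has no safety analysis. Nothing is written back to either discipline's model until a human confirms a pair, which is the separation of processes and teams the abstract insists on.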
Keywords
safety, security, tool assistance, model-driven development, automotive, threat analysis and risk assessment