Designing Critical Systems Using Hierarchical STPA and Event-B
Authors: 
Asieh Salehi Fathabadi, Colin Snook, Dana Dghaym, Thai Son Hoang, Fahad Alotaibi, Michael ButlerAuthors Info & Claims
Pages 220 - 237
Abstract
In the design of critical systems, it is important to ensure a degree of formality so that we reason about safety and security at early stages of analysis and design, rather than detect problems later. Influenced by ideas from STPA we present a hierarchical analysis process that aims to justify the design and flow-down of derived critical requirements arising from safety hazards and security vulnerabilities identified at the system level. At each level, we verify that the design achieves the safety/security requirements by backing the analysis with formal modelling and proof using Event-B refinement. The formal model helps to identify hazards/vulnerabilities arising from the design and how they relate to the safety accidents/security losses being considered at this level. We then re-apply the same process to each component of the design in a hierarchical manner. Thus we use ideas from STPA, backed by Event-B models, to drive the design, replacing the system level requirements with component requirements. In doing so, we decompose critical requirements down to components, transforming them from abstract system level requirements, towards concrete solutions that we can implement correctly so that the hazards/vulnerabilities are eliminated.
References
[1]
Abdulkhaleq, A., Wagner, S., Leveson, N.: A comprehensive safety engineering approach for software-intensive systems based on STPA. Procedia Eng. 128, 2–11 (2015). http://www.sciencedirect.com/science/article/pii/S1877705815038588. Proceedings of the 3rd European STAMP Workshop 5–6 October 2015, Amsterdam
[2]
Abrial JR Modeling in Event-B: System and Software Engineering 2010 Cambridge Cambridge University Press
[3]
Abrial JR, Butler M, Hallerstede S, Hoang T, Mehta F, and Voisin L Rodin: an open toolset for modelling and reasoning in event-B Softw. Tools Technol. Transf. 2010 12 6 447-466
[4]
Colley, J., Butler, M.: A formal, systematic approach to STPA using event-B refinement and proof (2013). https://eprints.soton.ac.uk/352155/. 21th Safety Critical System Symposium
[5]
Dghaym, D., Hoang, T.S., Turnock, S.R., Butler, M., Downes, J., Pritchard, B.: An STPA-based formal composition framework for trustworthy autonomous maritime systems. Saf. Sci. 136, 105139 (2021). https://www.sciencedirect.com/science/article/pii/S0925753520305348
[6]
Group, J.T.F.T.I.I.W.: SP 800–30 revision 1: Guide for conducting risk assessments. Technical report, National Institute of Standards & Technology (2012)
[7]
Hata, A., Araki, K., Kusakabe, S., Omori, Y., Lin, H.: Using hazard analysis STAMP/STPA in developing model-oriented formal specification toward reliable cloud service. In: 2015 International Conference on Platform Technology and Service, pp. 23–24 (2015)
[8]
Howard, G., Butler, M.J., Colley, J., Sassone, V.: Formal analysis of safety and security requirements of critical systems supported by an extended STPA methodology. In: 2017 IEEE European Symposium on Security and Privacy Workshops, EuroS &P Workshops 2017, Paris, France, 26–28 April 2017, pp. 174–180. IEEE (2017).
[9]
Howard G, Butler MJ, Colley J, and Sassone V A methodology for assuring the safety and security of critical infrastructure based on STPA and Event-B Int. J. Crit. Comput. Based Syst. 2019 9 1/2 56-75
[10]
Leuschel M and Butler M ProB: an automated analysis toolset for the B method Softw. Tools Technol. Transf. (STTT) 2008 10 2 185-203
[11]
Leveson, N.G., Thomas, J.P.: STPA Handbook. Cambridge, MA, USA (2018)
[12]
Omitola T, Rezazadeh A, Butler M, et al. Anderst-Kotsis G et al. Making (implicit) security requirements explicit for cyber-physical systems: a maritime use case security analysis Database and Expert Systems Applications 2019 Cham Springer 75-84
[13]
Pereira D, Hirata C, Pagliares R, and Nadjm-Tehrani S Tonetta S, Schoitsch E, and Bitsch F Towards combined safety and security constraints analysis Computer Safety, Reliability, and Security 2017 Cham Springer 70-80
[14]
Praxis: Tokeneer. https://www.adacore.com/tokeneer. Accessed May 2020
[15]
Snook, C., Hoang, T.S., Dghaym, D., Fathabadi, A.S., Butler, M.: Domain-specific scenarios for refinement-based methods. J. Syst. Archit. (2020). https://www.sciencedirect.com/science/article/pii/S1383762120301259
[16]
Thomas, J., Leveson, N.: Generating formal model-based safety requirements for complex, software-and human-intensive systems. In: Proceedings of the Twenty-first Safety-Critical Systems Symposium, Bristol, UK. Safety-Critical Systems Club (2013)
[17]
Young, W., Leveson, N.: Inside risks an integrated approach to safety and security based on systems theory: applying a more powerful new safety methodology to security risks. Commun. ACM 57(2), 31–35 (2014). https://www.scopus.com/inward/record.uri?eid=2-s2.0-84893411630 &doi=10.1145%2f2556938 &partnerID=40 &md5=07efb2984b5cf13de1fe2cb1583b7d27
Recommendations
Combining GSN and STPA for Safety Arguments
Computer Safety, Reliability, and SecurityAbstractDependability case, assurance case, or safety case is employed to explain why all critical hazards have been eliminated or adequately mitigated in mission-critical and safety-critical systems. Goal Structuring Notation (GSN) is the most employed ...
Linking modelling in event-b with safety cases
SERENE'12: Proceedings of the 4th international conference on Software Engineering for Resilient SystemsSafety cases are adopted in the certification process of many safety-critical systems. They justify why a system is safe and whether the design adequately incorporates safety requirements defined in a system requirement specification. The use of formal ...
Towards applying a safety analysis and verification method based on STPA to agile software development
CSED '16: Proceedings of the International Workshop on Continuous Software Evolution and DeliveryAgile methodologies are becoming widespread in modern software development. However, due to a lack of safety assurance activities, agile methods are criticized for being inadequate for the development of safe software. Safety analysis and safety ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
May 2023
385 pages
ISBN:978-3-031-33162-6
DOI:10.1007/978-3-031-33163-3
© The Author(s), under exclusive license to Springer Nature Switzerland AG 2023.
Publisher
Springer-Verlag
Berlin, Heidelberg
Publication History
Published: 30 May 2023
Author Tags
Qualifiers
- Article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 26 Sep 2024
Other Metrics
Citations
View Options
View options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in