eduzhai > Applied Sciences > Engineering >

Data-Flow-Based Extension of the System-Theoretic Process Analysis for Security (STPA-Sec)

  • Save

... pages left unread,continue reading

Document pages: 8 pages

Abstract: Security analysis is an essential activity in security engineering toidentify potential system vulnerabilities and achieve security requirements inthe early design phases. Due to the increasing complexity of modern systems,traditional approaches, which only consider component failures and simplecause-and-effect linkages, lack the power to identify insecure incidents causedby complex interactions among physical systems, human and social entities. Bycontrast, a top-down System-Theoretic Process Analysis for Security (STPA-Sec)approach views losses as resulting from interactions, focuses on controllingsystem vulnerabilities instead of external threats and is applicable forcomplex socio-technical systems. In this paper, we proposed an extension ofSTPA-Sec based on data flow structures to overcome STPA-Sec s limitations andachieve security constraints of information-critical systems systematically. Weanalyzed a Bluetooth digital key system of a vehicle by using both the proposedand the original approach to investigate the relationship and differencesbetween both approaches as well as their applicability and highlights. Toconclude, the proposed approach can identify more information-related problemswith technical details and be used with other STPA-based approaches toco-design systems in multi-disciplines under the unified STPA processframework.

Please select stars to rate!


0 comments Sign in to leave a comment.

    Data loading, please wait...