SafeSec

Modern cyber-physical systems, such as connected cars, connected factories in the 4.0 age industry or quadrocopter swarms are typically safety-critical systems that may harm their environment. They increasingly make decisions autonomously and, thus, adapt their behavior to changes in the system itself and the environment by performing self-adaptation. Due to the connectedness of these systems, security has become the key influence factor for their safety with the possibility of severe consequences for the health or even the life of affected people. Therefore, the integration of security aspects into modern safety analysis is a must in order to be able to employ the appropriate techniques to ensure that hazards are eliminated, reduced, or controlled. However, suitable approaches for integrated safety and security modeling and analysis are still rare. The project SafeSec: Integrated Safety and Security Model Generation and Analysis of Self- Adaptive Systems will overcome this issue and provides for the first time a combined safety and security engineering approach for self-adaptive systems. For that purpose, SafeSec develops a novel hazard analysis approach that integrates system and fault models with attack models. To enable this novel hazard analysis approach attacks to self-adaptive systems are systematically analyzed and a suitable attack modeling language is developed. Modeling security attacks is essential for the provided new hazard analysis approach, but requires specific knowledge and is time consuming. Therefore, SafeSec additionally contributes a novel approach to mine attack models based on the available system and fault models, system structure as well as additional empirical data sources like vulnerability databases or forums. The evaluation of SafeSec is based on a quadrocopter lab case as well as industrial aerospace and plant control systems.

Modern cyber-physical systems, such as connected cars, connected factories in the 4.0 age industry or quadrocopter swarms are typically safety-critical systems that may harm their environment. They increasingly make decisions autonomously and, thus, adapt their behavior to changes in the system itself and the environment by performing self-adaptation. Due to the connectedness of these systems, security has become the key influence factor for their safety with the possibility of severe consequences for the health or even the life of affected people. Therefore, the integration of security aspects into modern safety analysis is a must in order to be able to employ the appropriate techniques to ensure that hazards are eliminated, reduced, or controlled. However, suitable approaches for integrated safety and security modeling and analysis are still rare. The project "SafeSec: Integrated Safety and Security Model Generation and Analysis of Self-Adaptive Systems" will overcome this issue and provides for the first time a combined safety and security engineering approach for self-adaptive systems. For that purpose, SafeSec develops a novel hazard analysis approach that integrates system and fault models with attack models. To enable this novel hazard analysis approach attacks to self-adaptive systems are systematically analyzed and a suitable attack modeling language is developed. Modeling security attacks is essential for the provided new hazard analysis approach, but requires specific knowledge and is time consuming. Therefore, SafeSec additionally contributes a novel approach to mine attack models based on the available system and fault models, system structure as well as additional empirical data sources like vulnerability databases or forums. The evaluation of SafeSec is based on a quadrocopter lab case.