We explore requirement interactions related to safety and security properties with an example based on automotive braking systems, to show ideas about co-engineering trustworthy systems. We start from risk assessments TARA (Threat and Risk Assessment, ISO 21434) and HARA (Hazard Analysis and Risk Assessment, ISO 26262). These are often undertaken separately, resulting in requirements that may interact badly, for example, security features that compromise safety requirements, or sets of requirements that are impossible to satisfy together. Based on a minimal logical foundation for designing cyber-physical systems and considering requirement satisfaction across system changes, we classify several kinds of requirement interaction. These generalise the well-known case of (adverse) feature interactions; our suggestion is that understanding interactions can help during design or implementation revision cycles—even if requirements are considered without using formal methods.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

From Bouncing Break-ins to Frictional Firewalls: Ideas About Interacting Requirements for Vehicle Safety and Security

  • Luca Arnaboldi,
  • David Aspinall,
  • Christina Kolb,
  • Saša Radomirović

摘要

We explore requirement interactions related to safety and security properties with an example based on automotive braking systems, to show ideas about co-engineering trustworthy systems. We start from risk assessments TARA (Threat and Risk Assessment, ISO 21434) and HARA (Hazard Analysis and Risk Assessment, ISO 26262). These are often undertaken separately, resulting in requirements that may interact badly, for example, security features that compromise safety requirements, or sets of requirements that are impossible to satisfy together. Based on a minimal logical foundation for designing cyber-physical systems and considering requirement satisfaction across system changes, we classify several kinds of requirement interaction. These generalise the well-known case of (adverse) feature interactions; our suggestion is that understanding interactions can help during design or implementation revision cycles—even if requirements are considered without using formal methods.