Abstract
Systems-Theoretic Process Analysis (STPA) helps mitigate identified safety hazards leading to unfortunate situations. Usually, a systematic step-by-step approach is followed by safety experts irrespective of any software-based tool support, but identified hazards should be associated with security risks and human factors issues. In this paper, a design framework using Integrating Requirements and Information Security (IRIS) and the open-source Computer Aided Integration of Requirements and Information Security (CAIRIS) tool support is used to facilitate the application of STPA. Our design framework lays the foundation for resolving safety, security and human factors issues for critical infrastructures. We have illustrated this approach with a case study based on the real-life Cambrian Coast Line Railway incident.
Original language | English |
---|---|
Title of host publication | Computer Security. ESORICS 2021 International Workshops |
Editors | Sokratis Katsikas, Costas Lambrinoudakis, Nora Cuppens, John Mylopoulos, Christos Kalloniatis, Weizhi Meng, Steven Furnell, Frank Pallas, Jörg Pohle, M. Angela Sasse, Habtamu Abie, Silvio Ranise, Luca Verderame, Enrico Cambiaso, Jorge Maestre Vidal, Marco Antonio Sotelo Monge |
Place of Publication | Germany |
Publisher | Springer Nature |
Pages | 58-73 |
Number of pages | 16 |
Volume | 13106 |
ISBN (Electronic) | 978-3-030-95484-0 |
ISBN (Print) | 978-3-030-95483-3 |
Publication status | E-pub ahead of print - 8 Feb 2022 |
Event | Computer Security. ESORICS 2021 International Workshops - CyberICPS, SECPRE, ADIoT, SPOSE, CPS4CIP, and CDT and SECOMANE - Virtual, Online, Germany. Duration: 4 Oct 2021 → 8 Oct 2021. https://link.springer.com/book/10.1007/978-3-030-95484-0 |
Publication series
Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|
Volume | 13106 LNCS |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Conference
Conference | Computer Security. ESORICS 2021 International Workshops - CyberICPS, SECPRE, ADIoT, SPOSE, CPS4CIP, and CDT and SECOMANE |
---|---|
Abbreviated title | ESORICS 2021 |
Country/Territory | Germany |
City | Virtual, Online |
Period | 4/10/21 → 8/10/21 |
Other | This volume includes the accepted contributions, in total 31 full papers and one short paper, to six of these workshops, as follows: • 7th Workshop on the Security of Industrial Control Systems and of Cyber-Physical Systems (CyberICPS 2021); • 5th International Workshop on Security and Privacy Requirements Engineering (SECPRE 2021); • 4th International Workshop on Attacks and Defenses for Internet-of-Things (ADIoT2021); • 3rd Workshop on Security, Privacy, Organizations, and Systems Engineering (SPOSE2021); • 2nd International Workshop on Cyber-Physical Security for Critical Infrastructures Protection (CPS4CIP 2021); and • 1st International Workshop on Cyber Defence Technologies and Secure Communications at the Network Edge (CDT&SECOMANE 2021). |
Keywords
- CAIRIS
- Human factors
- IRIS
- Rail infrastructure
- Safety hazards
- Security risks
- STPA