Integrated Design Framework for Facilitating Systems-Theoretic Process Analysis

Amna Altaf, Shamal Faily, Huseyin Dogan, Eylem Thron, Alexios Mylonas

Research output: Chapter in Book/Report/Conference proceedingConference contribution


Systems-Theoretic Process Analysis (STPA) helps mitigate identified safety hazards leading to unfortunate situations. Usually, a systematic step-by-step approach is followed by safety experts irrespective of any software based tool-support, but identified hazards should be associated with security risks and human factors issues. In this paper, a design framework using Integrating Requirements and Information Security (IRIS) and open source Computer Aided Integration of Requirements and Information Security (CAIRIS) tool-support is used to facilitate the application of STPA. Our design framework lays the foundation for resolving safety, security and human factors issues for critical infrastructures. We have illustrated this approach with a case study based on real life Cambrian Coast Line Railway incident.
Original languageEnglish
Title of host publicationComputer Security. ESORICS 2021 International Workshops
EditorsSokratis Katsikas, Costas Lambrinoudakis, Nora Cuppens, John Mylopoulos, Christos Kalloniatis, Weizhi Meng, Steven Furnell, Frank Pallas, Jörg Pohle, M. Angela Sasse, Habtamu Abie, Silvio Ranise, Luca Verderame, Enrico Cambiaso, Jorge Maestre Vidal, Marco Antonio Sotelo Monge
Place of PublicationGermany
PublisherSpringer Nature
Number of pages16
ISBN (Electronic)978-3-030-95484-0
ISBN (Print)978-3-030-95483-3
Publication statusE-pub ahead of print - 8 Feb 2022
EventComputer Security. ESORICS 2021 International Workshops - CyberICPS, SECPRE, ADIoT, SPOSE, CPS4CIP, and CDT and SECOMANE - Virtual, Online, Germany
Duration: 4 Oct 20218 Oct 2021

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume13106 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


ConferenceComputer Security. ESORICS 2021 International Workshops - CyberICPS, SECPRE, ADIoT, SPOSE, CPS4CIP, and CDT and SECOMANE
Abbreviated titleESORICS 2021
CityVirtual, Online
OtherThis volume includes the accepted contributions, in total 31 full papers and one short paper, to six of these workshops, as follows:
• 7th Workshop on the Security of Industrial Control Systems and of Cyber-Physical Systems (CyberICPS 2021);
• 5th International Workshop on Security and Privacy Requirements Engineering
(SECPRE 2021);
• 4th International Workshop on Attacks and Defenses for Internet-of-Things (ADIoT2021);
• 3rd Workshop on Security, Privacy, Organizations, and Systems Engineering (SPOSE2021);
• 2nd International Workshop on Cyber-Physical Security for Critical Infrastructures
Protection (CPS4CIP 2021); and
• 1st International Workshop on Cyber Defence Technologies and Secure
Communications at the Network Edge (CDT&SECOMANE 2021).
Internet address


  • Human factors
  • IRIS
  • Rail infrastructure
  • Safety hazards
  • Security risks
  • STPA


Dive into the research topics of 'Integrated Design Framework for Facilitating Systems-Theoretic Process Analysis'. Together they form a unique fingerprint.

Cite this