Data-Flow-Based Extension of the System-Theoretic Process Analysis for Security (STPA-Sec)
Jinghua Yu, Stefan Wagner, Feng Luo

TL;DR
This paper extends the STPA-Sec security analysis method by incorporating data flow structures, enabling more comprehensive identification of information-related vulnerabilities in complex socio-technical systems.
Contribution
The paper introduces a data-flow-based extension to STPA-Sec, enhancing its ability to systematically identify security issues in information-critical systems.
Findings
The extended approach identifies more information-related security problems.
It provides detailed technical insights into vulnerabilities.
The method is applicable alongside other STPA-based techniques.
Abstract
Security analysis is an essential activity in security engineering to identify potential system vulnerabilities and achieve security requirements in the early design phases. Due to the increasing complexity of modern systems, traditional approaches, which only consider component failures and simple cause-and-effect linkages, lack the power to identify insecure incidents caused by complex interactions among physical systems, human and social entities. By contrast, a top-down System-Theoretic Process Analysis for Security (STPA-Sec) approach views losses as resulting from interactions, focuses on controlling system vulnerabilities instead of external threats and is applicable for complex socio-technical systems. In this paper, we proposed an extension of STPA-Sec based on data flow structures to overcome STPA-Sec's limitations and achieve security constraints of information-critical…
