Automating Safety and Security Co-Design through Semantically-Rich Architecture Patterns
Yuri Gil Dantas, Vivek Nigam

TL;DR
This paper introduces a method using semantically-rich architecture patterns and knowledge reasoning to automate safety and security co-design in safety-critical systems, reducing manual effort and errors.
Contribution
It presents a novel approach employing domain-specific language and logic-based reasoning to automate safety-security trade-off analysis during system design.
Findings
Automated recommendations for architecture patterns addressing failures and threats.
Reduction in manual effort and human errors in safety-security co-design.
Validated approach on an ISO 21434 standard example.
Abstract
During the design of safety-critical systems, safety and security engineers make use of architecture patterns, such as Watchdog and Firewall, to address identified failures and threats. Often, however, the deployment of safety patterns has consequences on security, e.g., the deployment of a safety pattern may lead to new threats. The other way around is also possible, i.e., the deployment of a security pattern may lead to new failures. Safety and security co-design is, therefore, required to understand such consequences and trade-offs, in order to reach appropriate system designs. Currently, pattern descriptions, including their consequences, are written in natural language. Their deployment in system design is therefore carried out manually, which is time-consuming and prone to human error, especially given the high system complexity. We propose the use of semantically-rich…
Taxonomy
Topics: Information and Cyber Security · Advanced Software Engineering Methodologies · Safety Systems Engineering in Autonomy
