17th Real Time Linux Workshop, October 21 to 22, 2015 at the Virtual Vehicle Research Center, Graz, Austria
A Harmonized threat/hazard modeling for Safety Critical Industrial Systems
Andreas Platschek, Vienna University of Technology
Since current common practice is to connect every industrial system to the internet in one way or another, the security of a system has to be evaluated and assured - especially when it comes to safety critical systems.
Recent standards (notably IEC 61508 Ed2 and EN 50159 Ed2) have begun to normatively include security for systems that are no longer closed. These standards contain clauses that require a systematic method to be used for threat analysis wherever threats could have a relevant safety impact. While a number of threat modeling techniques are available, many of them were developed for the server and office space and would require a number of adaptations for use in industrial systems. Other methods have been newly developed for industrial systems, but they have not yet earned the confidence a development team has to be able to place in them.
A third option - presented in this paper - is to reuse a method that has already been in use in the safety domain for a long time, is well known, understood and trusted, and to adapt it so that it is suitable for security. Such methods are compliant with the safety standards, and thus the extension - if done carefully - does not invalidate this acceptance and can build on the well established competence of the safety engineering staff. At the same time, this harmonization is crucial, as both security and safety are system properties, and treating interdependent system properties as independent is technically not reasonable and economically not efficient.
The advantage of this approach is that the development team only needs to be proficient in one analysis method, using it for threat analysis when security is analyzed and for hazard analysis when safety is analyzed.