Computer Safety, Reliability, and Security
34th International Conference, SAFECOMP 2015, Delft, The Netherlands, September 23-25, 2015, Proceedings
Published on 15. September 2015
XXII, 486 pages
978-3-319-24255-2 (ISBN)
Description
This book constitutes the refereed proceedings of the 34th International
Conference on Computer Safety, Reliability, and Security, SAFECOMP 2015, held in
Delft, The Netherlands, in September 2014. The 32 revised full papers presented
together with 3 invited talks were carefully reviewed and
selected from 104 submissions. The papers are organized in topical sections on
flight systems, automotive embedded systems, automotive software, error detection, medical safety cases, medical systems, architecture and testing, safety cases, security attacks, cyber security and integration, and programming and compiling.
More details
Series
Edition
1st ed. 2015
Language
English
Place of publication
Cham
Switzerland
Publishing group
Springer International Publishing
Product notice
Reflowable
Illustrations
XXII, 486 p. 141 illus. in color.
ISBN-13
978-3-319-24255-2 (9783319242552)
DOI
10.1007/978-3-319-24255-2
Schweitzer Classification
Other editions
Additional editions
Floor Koornneef | Coen van Gulijk
Computer Safety, Reliability, and Security
34th International Conference, SAFECOMP 2015, Delft, The Netherlands, September 23-25, 2015, Proceedings
Book
11/2015
Springer
€53.49
Shipment within 10-15 days
Content
- Intro
- Preface
- Organization
- Invited Talks
- Does IoT Stand for Internet of Threatsand Other Stories
- Medical Devices, Electronic Health Recordsand Assuring Patient Safety:Future Challenges?
- Cyber (In-)security of Industrial ControlSystems: A Societal Challenge
- Contents
- Invited Talks
- Medical Devices, Electronic Health Records and Assuring Patient Safety: Future Challenges?
- Abstract
- 1 EHR Promises and Problems
- 2 Connectivity and Medical Devices
- 3 eHealth and Home Monitoring
- 4 The Tension Between Patient Privacy and Patient Safety
- 5 Conclusion
- References
- Cyber (In-)security of Industrial Control Systems: A Societal Challenge
- 1 Introduction
- 2 Definitions
- 3 Paradigm Changes to ICS
- 3.1 From Closed to too Open Environments
- 3.2 Hide in Functionality but Connected to Internet
- 4 Lack of Governance of ICS Security
- 4.1 The Executive Level
- 5 ICS Technology
- 5.1 Aging, Legacy and too New ICS Technology
- 5.2 Weak and Insecure ICS Protocols
- 5.3 Insecure ICS by Design
- 5.4 Common TCP-IP Based Connectivity
- 6 ICS Maintenance and Operations
- 7 Third Parties
- 8 Conclusion: Long and Short Term Actions
- References
- Flight Systems
- Modeling Guidelines and Usage Analysis Towards Applying HiP-HOPS Method to Airborne Electrical Systems
- Abstract
- 1 Introduction
- 2 HiP-HOPS Foundations
- 3 Modeling Guidelines to Apply HiP-HOPS
- 3.1 Guideline 1: Create a Library of Annotated Components
- 3.2 Guideline 2: Support Annotation Customization
- 3.3 Guideline 3: Define the System's Modes of Operation
- 3.4 Guideline 4: Group Components by Its Function
- 3.5 Guideline 5: Model Considering the Common Mode Effects
- 3.6 Guideline 6: Avoid Loops
- 3.7 Guideline 7: Design Models with Incremental Complexity
- 4 Usage Analysis of HiP-HOPS with Modeling Guidelines
- 4.1 Scenario
- 4.2 Evaluating Acceptability, Suitability and Practicality of HiP-HOPS
- 5 Conclusions
- References
- The Formal Derivation of Mode Logic for Autonomous Satellite Flight Formation
- 1 Introduction
- 2 Satellite Flight Formation
- 3 Coordinated Mode Transitions in Autonomous Systems
- 4 Modelling and Refinement in Event-B
- 5 Modelling Satellite Flight Formation in Event-B
- 6 Conclusion and Related Work
- References
- Automotive Embedded Systems
- Simulation of Automotive Security Threat Warnings to Analyze Driver Interpretations and Emotional Transitions
- Abstract
- 1 Motivation: The Role of Drivers in Automotive Safety/Security
- 2 Basics
- 2.1 Think-Aloud-Tests
- 2.2 Driving Simulator
- 3 Concept, Test Setup and Execution
- 3.1 Emotional Transitions
- 4 Test Evaluation
- 4.1 Recommendation of Conduct and Understanding of the Warning
- 4.2 Recommendation of Conduct and Quality of Reaction
- 4.3 Self-perceived and Investigator-Perceived Quality of Reaction
- 4.4 Warning Understood and Quality of Reaction
- 4.5 Lane Change Test
- 5 Emotion Detection with Thermal Images
- 5.1 Measurement, Observed Results and Interpretation
- 6 Summary and Outlook
- Acknowledgements
- References
- Improving Dependability of Vision-Based Advanced Driver Assistance Systems Using Navigation Data and Checkpoint Recognition
- 1 Introduction
- 2 Problem Statement
- 3 The Computer-Vision Monitor (CVM) Concept
- 4 Reliability Analysis
- 4.1 Functional Hazard Analysis
- 4.2 FTA for Vision-Based ADAS
- 4.3 FTA for Vision-Based ADAS with CVM
- 5 Conclusions and Future Work
- References
- Safely Using the AUTOSAR End-to-End Protection Library
- 1 Introduction
- 2 AUTOSAR E2E Protection
- 2.1 ISO26262 Requirements and AUTOSAR E2E Protection Measures
- 2.2 The Impact of Different Periodicity
- 3 Background Techniques
- 3.1 Model Checking
- 3.2 Component-Based Design
- 4 Analysis of End-to-End Protection Safety Guarantees
- 4.1 Modelling
- 4.2 Verification Problem
- 4.3 A Concrete Safety Case
- 4.4 Scalability Evaluation
- 4.5 Analysis of Impossible Cases
- 4.6 Discussion
- 5 Related Work
- 6 Conclusions and Future Work
- References
- A Structured Validation and Verification Method for Automotive Systems Considering the OEM/Supplier Interface
- 1 Introduction
- 2 ISO 26262
- 3 Functional Safety Framework
- 4 Tool Support
- 5 Case Study
- 6 V&V Method and Case Study
- 7 Related Work
- 8 Conclusions and Future Work
- References
- Automotive Software
- Model-Based Analysis for Safety Critical Software
- 1 Introduction
- 2 ADC Use Case
- 3 Analysis Approach
- 3.1 Construction and Validation of the Abstract Model
- 3.2 Model-Based Testing Approach
- 4 Testing the C Implementation on Simulated Hardware
- 5 Conclusion
- References
- Integrated Safety Analysis Using Systems-Theoretic Process Analysis and Software Model Checking
- 1 Introduction
- 2 Background
- 3 Integrated Application of STPA and Model Checking
- 4 Illustrative Example: Adaptive Cruise Control System
- 4.1 Deriving Safety Requirements of the ACC Software Controller
- 4.2 Formalisation Software Safety Requirements
- 4.3 Verifying Software Safety Requirements Using SPIN
- 5 Related Work
- 6 Conclusions and Future Work
- References
- Back-to-Back Fault Injection Testing in Model-Based Development
- Abstract
- 1 Introduction
- 2 Related Work
- 3 Workflow for Back-to-Back Fault Injection Testing in Model-Based Development
- 4 Experimental Setup
- 4.1 Tools
- 4.2 Brake-By-Wire (BBW) Use Case
- 4.3 Fault Model and Fault Locations
- 5 Experimental Results
- 5.1 Results of the Back-to-Back Comparison
- 6 Conclusions and Future Work
- Acknowledgements
- References
- Error Detection
- Understanding the Effects of Data Corruption on Application Behavior Based on Data Characteristics
- 1 Introduction
- 2 SWIFI Framework
- 3 Experimental Setup
- 4 Experimental Results and Discussion
- 5 Related Work
- 6 Conclusion
- References
- A Multi-layer Anomaly Detector for Dynamic Service-Based Systems
- Abstract
- 1 Introduction
- 2 State of the Art on CEP Monitors and Anomaly Detection
- 3 Motivations and Overview of a Multi-Layer Anomaly Detector
- 4 AS and OS Cross-Layer Monitoring Solution
- 4.1 The Machines and the Observed Probes
- 4.2 The Monitor
- 5 Experiments Execution and Results
- 5.1 Case Study: The Secure! Machine and the Monitor
- 5.2 Evaluation of Probes Intrusiveness
- 5.3 Evaluation of the Monitor Performance
- 5.4 SPS Behavior and Detection Capability
- 6 Conclusions and Future Works
- Acknowledgements
- References
- Medical Safety Cases
- Safety Case Driven Development for Medical Devices
- Abstract
- 1 Context
- 2 Objective
- 3 Methodology
- 4 Use Case
- 4.1 System Definition
- 4.2 Hazard Decomposition
- 4.3 System Safety Concept
- 4.4 Component Design
- 5 Brief Discussion
- 6 Conclusions and Future Work
- References
- Towards an International Security Case Framework for Networked Medical Devices
- Abstract
- 1 Introduction
- 2 Solution Overview
- 3 Approach
- 3.1 Method
- 3.2 Security Case and Pattern Development
- 3.3 Security Pattern
- 3.4 Security Controls/Security Capability Mapping
- 4 Results
- 5 Future Work
- 6 Conclusion
- Acknowledgments
- References
- Medical Systems
- Systems-Theoretic Safety Assessment of Robotic Telesurgical Systems
- Abstract
- 1 Introduction
- 2 Background
- 2.1 RAVEN II Robotic Surgical Platform
- 2.2 Systems-Theoretic Hazard Analysis Using STPA
- 3 Systems-Theoretic Safety Validation Using Fault Injection
- 3.1 Safety Hazards and Unsafe Control Actions
- 3.2 Safety Hazard Injection Framework
- 4 Experimental Results
- 4.1 Undetected Safety Hazards
- 4.2 Mitigated Safety Hazards
- 5 Discussion
- 5.1 Related Safety Incidents from FDA MAUDE Database
- 5.2 Vulnerabilities in Safety Mechanisms and Mitigation of Safety Hazards
- 6 Related Work
- 7 Conclusions
- Acknowledgements
- References
- Towards Assurance for Plug & Play Medical Systems
- 1 Introduction and Motivation
- 2 Motivating Example: Clinical Scenario: Patient Controlled Analgesia
- 2.1 A Fail-Safe Device Coordination Protocol
- 3 A Platform-Oriented Ecosphere
- 4 The Platform Argument Pattern
- 4.1 Pattern Terms
- 4.2 The Pattern
- 4.3 An Example Assurance Argument
- 5 Related Work
- 6 Conclusions and Future Work
- References
- Risk Classification of Data Transfer in Medical Systems
- Abstract
- 1 Introduction
- 2 Tool
- 3 Conclusion and Discussion
- References
- Requirement Engineering for Functional Alarm System for Interoperable Medical Devices
- 1 Introduction
- 2 Background
- 2.1 A Case for IMDS Alarms
- 3 IAS Requirements Generation
- 3.1 Hazard Analysis-Based Requirements Gathering
- 4 Case Study
- 4.1 ALS-IMD System Model
- 5 Related Work
- 6 Conclusion
- References
- Architectures and Testing
- The Safety Requirements Decomposition Pattern
- Abstract
- 1 Introduction
- 2 State of the Practice in Specifying Safety Requirements
- 3 Designing the Safety Requirements Decomposition Pattern
- 4 The Safety Requirements Decomposition Pattern
- 4.1 Safety Requirements Decomposition Pattern at the Functional Level
- 4.2 Safety Requirements Decomposition Pattern at the Technical Level
- 4.3 Safety Requirements Decomposition Pattern Elements that are Common to the Functional and Technical Levels
- 5 Specifying the Safety Requirements of an Automated External Defibrillator with the Safety Requirements Decomposition Pattern
- 5.1 Preliminary Specification of the Automated External Defibrillator
- 5.2 Safety Requirements Specification for Addressing the Overshocking Hazard
- 5.3 Brief Discussion
- 6 Related Works
- 7 Conclusions and Future Works
- Acknowledgements
- References
- Automatic Architecture Hardening Using Safety Patterns
- 1 Introduction
- 2 Case Study
- 3 Overview of the Proposed Hardening Approach
- 3.1 Design Methodology Overview
- 3.2 Considered Safety Patterns
- 4 Automatic Hardening
- 4.1 Pseudo-Boolean Constraint Systems
- 4.2 System and Safety Pattern Characterization
- 4.3 Component and Pattern Selection Constraints Generation
- 4.4 Results
- 5 Conclusion and Future Work
- References
- Modeling the Impact of Testing on Diverse Programs
- Abstract
- 1 Introduction
- 2 The Diverse Debug Model
- 2.1 Fault Inclusion Model
- 2.2 Modeling Fault Removal
- 3 Modeling Different Test Strategies
- 3.1 Random Removal Test Strategy
- 3.2 Ordered Removal Strategy (with Independence)
- 3.3 Ordered Plus Random Removal Strategies (with Independence)
- 3.4 Ordering Dependent on Inclusion Probability
- 3.5 Dependent Order Plus Random Removal Strategies
- 4 Summary of the Model Results
- 5 Validity of Model Assumptions
- 5.1 Set of Characteristic Faults
- 5.2 Independent Selection of Faults from the Pool
- 5.3 Same Fault Selection Probabilities by Diverse Teams
- 5.4 Independence of Fault Removal Order and Fault Selection Probability
- 6 Discussion
- 6.1 Relationship to Prior Research
- 6.2 Relationship of beta to Pfd
- 6.3 Validating the Performance of Diverse Test Strategies
- 7 Conclusions and Further Work
- Acknowledgments
- References
- Safety Cases
- A Model for Safety Case Confidence Assessment
- 1 Introduction
- 2 Related Work
- 3 Proposed Approach Overview
- 4 Measuring Confidence
- 5 Propagating Confidence
- 5.1 Argument Types
- 5.2 Simple Argument
- 5.3 Alternative Arguments
- 5.4 Complementary Arguments
- 5.5 Mixed Arguments
- 5.6 Sensitivity Analysis
- 6 Conclusion
- References
- Towards a Formal Basis for Modular Safety Cases
- 1 Introduction
- 2 Modular Extensions to Goal Structuring Notation
- 3 Motivating Example
- 4 Formalization
- 5 Discussion
- 6 Concluding Remarks
- References
- Security Attacks
- Quantifying Risks to Data Assets Using Formal Metrics in Embedded System Design
- 1 Introduction
- 2 Related Work
- 3 Quantifying Risks to Data Assets
- 3.1 Proposed Metrics and Risks
- 3.2 Basic Terms: Domain, Attack, and System
- 3.3 Metrics and Their Derivation
- 4 An Illustrative Example
- 4.1 System and Attack Modelling
- 4.2 Calculating Metrics
- 5 Conclusion and Future Work
- References
- ISA2R: Improving Software Attack and Analysis Resilience via Compiler-Level Software Diversity
- 1 Introduction
- 2 Related Work
- 3 Implemented Transformations
- 4 Preliminary Evaluation
- 4.1 Efficiency
- 4.2 Effectiveness
- 4.3 Evaluation Summary
- 5 Conclusion and Future Work
- References
- Cyber Security and Integration
- Barriers to the Use of Intrusion Detection Systems in Safety-Critical Applications
- Abstract
- 1 Introduction
- 2 Manual Approaches to Intrusion Detection
- 3 Blacklist Approaches to Intrusion Detection
- 4 Whitelist Approaches to Intrusion Detection
- 5 Information Diodes and the Threat from False Positives
- 6 Conclusions
- References
- Stochastic Modeling of Safety and Security of the e-Motor, an ASIL-D Device
- Abstract
- 1 Introduction
- 2 Problem Statement and Related Research
- 3 The Model
- 3.1 Simplifications Made
- 3.2 The SAN Model
- 4 Findings
- 5 Discussion
- 6 Conclusions and Future Work
- Acknowledgement
- References
- Organisational, Political and Technical Barriers to the Integration of Safety and Cyber-Security Incident Reporting Systems
- Abstract
- 1 Introduction
- 2 From Safety Management to Cyber Incident Reporting
- 3 Integrating Safety and Cyber Security Reporting Systems
- 4 Differences between Safety and Cyber Security Reporting
- 4.1 Under-reporting and an Imbalance between Safety and Security Incidents
- 4.2 The Threats from Dissemination
- 4.3 Political Conflicts of Notification
- 4.4 Different Legal Contexts
- 4.5 Concerns over Causal Analysis
- 4.6 Conflicting Recommendations in Security and Safety Reporting Systems
- 5 Conclusions and Further Work
- References
- A Comprehensive Safety, Security, and Serviceability Assessment Method
- 1 Introduction
- 2 Related Work and Background
- 2.1 State-of-the-Art
- 2.2 Dependability Analysis Methods
- 3 Combined Approach for Dependable System Development
- 4 Application of the Approach
- 5 Conclusion
- References
- Programming and Compiling
- Source-Code-to-Object-Code Traceability Analysis for Avionics Software: Don't Trust Your Compiler
- 1 Introduction
- 2 Branching Analysis Using Graph Isomorphisms
- 3 Beyond Branching Analysis
- 4 Evaluation
- 4.1 Branching Analysis
- 4.2 Hidden Call Detection
- 4.3 Memory Allocation Analysis
- 4.4 Store Analysis
- 5 Related Work
- 6 Concluding Discussion
- References
- Automated Generation of Buffer Overflow Quick Fixes Using Symbolic Execution and SMT
- 1 Introduction
- 2 Related Work
- 3 Motivating Example
- 4 Quick Fixes Generation
- 4.1 Quick Fix Locations Search Algorithm
- 4.2 Bug Detection with SMT
- 4.3 Semi-automatic Patch Insertion Wizard
- 5 Implementation
- 6 Evaluation
- 6.1 Methodology
- 6.2 RQ1: Performance of Our Tool
- 6.3 RQ2: Usefulness of the Generated Fixes
- 6.4 RQ3: Program Behavior Preserved After Patch Insertion
- 6.5 Threats to Validity
- 7 Conclusion and Future Work
- References
- A Software-Based Error Detection Technique for Monitoring the Program Execution of RTUs in SCADA
- Abstract
- 1 Introduction
- 2 Related Works
- 3 The Proposed Technique: ICS-CFC
- 3.1 ICS-CFC Technique Implementation in RTUs
- 3.2 ICS-CFC Technique Implementation in the MTU
- 3.3 Overhead Analysis of the ICS-CFC Technique
- 4 Experimental Results
- 4.1 The Models of Fault
- 4.2 ICS-CFC Technique Execution in a Local Network
- 4.3 Case Study: Execution ICS-CFC Technique in a Real ICS
- 5 Conclusions
- Acknowledgement
- References
- Real-World Types and Their Application
- Abstract
- 1 Introduction
- 2 From the Real World to the Machine
- 3 The Real World Type System
- 3.1 Overall Structure
- 3.2 The Definition of Real-World Types
- 3.3 Real-World Type Rules
- 3.4 Real-World Types and Program Structures
- 3.5 Real-World Type Example
- 4 An Implementation for Java
- 4.1 Operation of the Prototype
- 4.2 Type Conversion
- 5 Evaluation
- 5.1 Kelpie Flight Planner
- 5.2 Other Java Applications
- 6 Related Work
- 7 Conclusion
- Acknowledgements
- References
- Author Index
