Computer Safety, Reliability, and Security
35th International Conference, SAFECOMP 2016, Trondheim, Norway, September 21-23, 2016, Proceedings
Published on 6. September 2016
XV, 324 pages
978-3-319-45477-1 (ISBN)
Description
This book constitutes the refereed proceedings of the 35th International Conference on Computer Safety, Reliability, and Security, SAFECOMP 2016, held in Trondheim, Norway, in September 2016. The 24 revised full papers presented were carefully reviewed and selected from 71 submissions. The papers are organized in topical sections on fault injection, safety assurance, formal verification, automotive, anomaly detection and resilience, cyber security, fault trees, and safety analysis.
More details
Other editions
Additional editions
Amund Skavhaug | Jérémie Guiochet | Friedemann Bitsch
Computer Safety, Reliability, and Security
35th International Conference, SAFECOMP 2016, Trondheim, Norway, September 21-23, 2016, Proceedings
Book
09/2016
Springer
€53.49
Shipment within 10-15 days
Content
- Intro
- Preface
- Organization
- Contents
- Fault Injection
- FISSC: A Fault Injection and Simulation Secure Collection
- 1 Introduction
- 1.1 Security Assessment Against Fault Injection Attacks
- 1.2 The Need for a Code Collection
- 2 The VerifyPIN Example
- 3 The FISSC Framework
- 3.1 Contents and File Organization
- 3.2 The VerifyPIN Suite
- 4 Comparing Tools
- 4.1 Case Study
- 4.2 Interpretation
- 5 Conclusion
- References
- FIDL: A Fault Injection Description Language for Compiler-Based SFI Tools
- 1 Introduction
- 2 Background
- 2.1 LLFI
- 2.2 Aspect-Oriented Programming (AOP)
- 3 Related Work
- 4 System Overview
- 4.1 FIDL Structure
- 4.2 Aspect Design
- 5 Evaluation Metrics
- 6 Evaluation
- 6.1 Experimental Setup
- 6.2 Experimental Results
- 7 Summary
- References
- Safety Assurance
- Using Process Models in System Assurance
- 1 Introduction and Motivation
- 2 Process Models
- 3 Confidence Argument Patterns
- 4 Instantiating Argument Patterns
- 5 Conclusions
- References
- The Indispensable Role of Rationale in Safety Standards
- Abstract
- 1 Introduction
- 2 Current Standards
- 2.1 Development of Standards
- 2.2 Using Standards
- 2.3 Maintenance of Standards
- 3 Rationalized Standards
- 3.1 The Concept
- 3.2 Defining Reasoning
- 3.3 Defining Guidance
- 4 Analysis of a Safety Standard
- 4.1 Example Element
- 4.2 Analysis of Example Element
- 4.3 Rationalized Standard Fragment
- 5 Conclusion
- Acknowledgment
- References
- Composition of Safety Argument Patterns
- 1 Introduction
- 2 Illustrative Example
- 3 Pattern Composition
- 3.1 Composition
- 3.2 Correctness
- 3.3 General Composition
- 4 Application
- 5 Related Work and Conclusions
- References
- Formal Verification
- Formal Analysis of Security Properties on the OPC-UA SCADA Protocol
- 1 Introduction
- 2 OPC-UA OpenSecureChannel
- 2.1 Modeling
- 2.2 Results
- 2.3 Fixed Version
- 3 OPC-UA CreateSession
- 3.1 Modeling
- 3.2 Results
- 4 Conclusion
- References
- A Dedicated Algorithm for Verification of Interlocking Systems
- 1 Introduction
- 2 Interlocking Principles
- 3 Verification Algorithm
- 4 Experiments
- 5 Conclusion
- References
- Catalogue of System and Software Properties
- 1 Introduction
- 2 Scope and Known Limitations
- 3 Requirements Taxonomy and Design Attributes
- 4 The CSSP
- 4.1 Formalization of the CSSP
- 4.2 Coverage of the Design Attributes
- 4.3 COMPASS Tool Support
- 4.4 Example
- 5 Conclusions and Future Work
- References
- A High-Assurance, High-Performance Hardware-Based Cross-Domain System
- 1 Introduction
- 1.1 Guardol for Cross-Domain Systems
- 1.2 Guardol and Hardware-Based Guards
- 2 The Guardol Toolchain
- 2.1 Guardol IDE
- 2.2 Verification
- 3 Adding Regular Expressions to Guardol
- 3.1 Proof Translation
- 3.2 Code Translation
- 4 Guardol VHDL Code Generation
- 5 FPGA-Based Guard Architecture and Implementation
- 6 Results
- 7 Related Work
- 8 Conclusion
- References
- Automotive
- Using STPA in an ISO 26262 Compliant Process
- 1 Introduction
- 2 Preliminaries
- 2.1 Systems Theoretic Process Analysis (STPA)
- 2.2 ISO 26262 Standard
- 3 STPA and ISO 26262
- 3.1 STPA and ISO 26262: Comparing Foundations
- 3.2 STPA and ISO 26262: Comparing Basic Terminologies
- 4 Using STPA in an ISO 26262 Compliant Process
- 5 Conclusion and Future Work
- References
- A Review of Threat Analysis and Risk Assessment Methods in the Automotive Context
- 1 Introduction
- 2 SAE J3061 Guidebook TARA Recommendations
- 3 TARA Approaches Available for the Automotive Domain
- 3.1 TARA Approaches Recommended in SAE J3061
- 3.2 TARA Approaches Also Proposed in SAE J3061
- 3.3 TARA Approaches Not Mentioned by SAE J3061
- 4 Evaluation of Methods in ISO 26262 and SAE J3061 Context
- 5 Conclusion
- References
- Anomaly Detection and Resilience
- Context-Awareness to Improve Anomaly Detection in Dynamic Service Oriented Architectures
- Abstract
- 1 Introduction
- 2 Learning from the Past
- 2.1 Considering Context-Awareness
- 2.2 Enhancing Detection Capabilities
- 3 Description of the Anomaly Detection Framework
- 3.1 Architectural Overview
- 3.2 Methodology to Exercise the Framework
- 3.3 Insights on the Anomaly Detection Module
- 4 Experimental Evaluation.
- 4.1 Set-Up of the Target and the Detector Machine
- 4.2 Experiments Description
- 4.3 Discussion of the Results
- 5 State of the Art and Comparison with Other Solutions
- 6 Conclusions and Future Works
- Acknowledgements
- References
- Towards Modelling Adaptive Fault Tolerance for Resilient Computing Analysis
- Abstract
- 1 Introduction and Problem Statement
- 2 Resilience and Adaptive Fault Tolerant Computing
- 2.1 Basic Principles for AFT
- 2.2 Change Model
- 3 Assumptions and FT Design Patterns
- 4 Adaptive Fault Tolerance and Evolution Scenarii
- 5 Formal Definition of AFT
- 5.1 Notation and Definitions
- 5.2 Properties
- 5.3 Triggers for Adaptation
- 5.4 Simple Measures
- 6 Proof of Concepts
- 6.1 Formalization of the Previously Defined Scenarii
- 6.2 Comparison, Measures and Analysis of Scenarii
- 7 Conclusion
- References
- Automatic Invariant Selection for Online Anomaly Detection
- 1 Introduction
- 2 Related Work
- 3 Approach
- 3.1 Invariant Mining
- 3.2 Automatic Filtering
- 3.3 Detection
- 4 Case Study
- 5 Results
- 5.1 Training
- 5.2 Test
- 6 Discussion and Conclusion
- References
- Cyber Security
- Modelling Cost-Effectiveness of Defenses in Industrial Control Systems
- 1 Introduction
- 2 Related Work
- 3 Modelling and Simulation
- 3.1 Modelling and Representation
- 3.2 Simulation
- 4 Case Study and Experimental Settings
- 5 Results
- 6 Discussion
- 7 Conclusions
- References
- Your Industrial Facility and Its IP Address: A First Approach for Cyber-Physical Attack Modeling
- Abstract
- 1 Introduction
- 2 Related Work
- 3 Industrial Facility Architecture
- 4 Attack Scopes
- 4.1 Facility-Centered Scope
- 4.2 Communication-Centered Scope
- 4.3 Entity-Centered Scope
- 5 Component-Based Modeling
- 6 Application of Component-Based Modeling
- 6.1 Modeling of Computerized Systems
- 6.2 Modeling of Systems Interconnection
- 6.3 Modeling of Facilities Interrelationship
- 6.4 Modeling of Selected Attack Scenario
- 7 Conclusion
- Acknowledgements
- References
- Towards Security-Explicit Formal Modelling of Safety-Critical Systems
- 1 Introduction
- 2 Background: Event-B
- 3 Formal Reasoning About Safety
- 4 Incremental Derivation of Safety and Security Constraints by Refinement
- 5 A Data Flow Driven Refinement Approach
- 6 Overview of Related Work and Conclusions
- References
- A New SVM-Based Fraud Detection Model for AMI
- 1 Introduction
- 2 Related Works
- 3 Non-Technical Losses
- 4 SVM-Based Fraud Detection System
- 5 Dataset Preparation and Metric Definition
- 6 Fraud Detection System (FDS) Evaluation
- 7 Conclusion
- References
- Exploiting Trust in Deterministic Builds
- 1 Introduction
- 2 Background
- 2.1 x86 ISA
- 2.2 Anatomy of an x86 Instruction
- 2.3 Overlapping Instructions
- 2.4 Deterministic Builds
- 3 Hiding Instructions in Binary Code
- 3.1 Main and Hidden Execution Paths
- 3.2 Basic Design
- 3.3 MEP-to-HEP Mappings
- 4 Constructing the HEP from Source Code
- 4.1 Hiding Code in Immediate Fields
- 4.2 Hiding Code in Displacement Fields
- 4.3 Tying It All Together
- 4.4 Proof-of-Concept Backdoor
- 5 Related Work
- 6 Conclusion and Future Work
- References
- Fault Trees
- Advancing Dynamic Fault Tree Analysis - Get Succinct State Spaces Fast and Synthesise Failure Rates
- 1 Introduction
- 2 Dynamic Fault Trees
- 2.1 Dynamic Nodes
- 2.2 Syntactic Restrictions
- 3 State Space Generation
- 3.1 Markov Automata
- 3.2 State Space Generation
- 3.3 Optimisations
- 4 Measures of Interest
- 5 Parameter Synthesis
- 6 Experiments
- 7 Conclusions and Future Work
- References
- Effective Static and Dynamic Fault Tree Analysis
- 1 Introduction
- 2 Static and Dynamic Fault Trees
- 3 SD-FT Analysis
- 3.1 Quantification of a SD-FT
- 4 Experimental Evaluation
- 5 Concluding Comparison with Related Work
- References
- Safety Analysis
- SAFER-HRC: Safety Analysis Through Formal vERification in Human-Robot Collaboration
- 1 Introduction
- 2 Related Works
- 3 Preliminaries
- 4 Overview of the SAFER-HRC Methodology
- 5 Applying SAFER-HRC in Practice
- 6 Conclusions
- References
- Adapting the Orthogonal Defect Classification Taxonomy to the Space Domain
- Abstract
- 1 Introduction
- 2 Background and Related Work
- 3 Analysis Procedure
- 4 Case Studies
- 5 ODC Adaptation for Space Critical Systems
- 5.1 ODC Attributes - Trigger
- 5.2 ODC Attributes - Impact
- 5.3 ODC Attributes - Type
- 6 Reclassification with the Adapted ODC Taxonomy
- 7 Threats to Validity
- 8 Conclusions and Future Work
- Acknowledgements
- References
- Towards Cloud-Based Enactment of Safety-Related Processes
- 1 Introduction
- 2 Background
- 2.1 General Architecture on the Cloud
- 2.2 EXE-SPEM
- 2.3 Aircraft Engineering and Certification
- 2.4 Process and Product-Based Arguments Fragments Generation
- 3 Cloud-Based Engineering of Safety-Critical Systems
- 3.1 Extended Architecture for Safety-Critical Systems Engineering
- 3.2 Argument Generation
- 4 Case Study
- 4.1 Implementation
- 4.2 Execution
- 4.3 Discussion
- 5 Related Work
- 6 Conclusion and Future Work
- References
- Author Index
