© 2017-2024 Leonardo Montecchi
Conference Paper To Appear
Authors | |
---|---|
Abstract | Integrating safety and security in automotive cyber-physical systems (CPS) domains (e.g., autonomous vehicles) is challenging for two main reasons. First, it is still difficult to represent the potential consequences of system failures or malicious attacks. Secondly, these systems must ensure safety and security despite unknowns and uncertainties. A Digital Dependability Identity (DDI) can facilitate this by encapsulating all dependability characteristics (e.g., design, requirements, safety, and security analysis models) of CPS’s components. The Open Dependability Exchange (ODE) metamodel is an implementation of the DDI concept, but has limitations in the interplay between safety and security. ODE is aligned with ISO 26262 but lacks certain security concepts to be aligned with ISO 21434. Also, ODE supports modeling fault trees, but does not yet support modeling attack trees and attack-fault trees. This paper proposes an extension to the ODE metamodel, aiming to increase coverage of ISO 21434 concepts and allowing the modeling of attack-fault trees. We built these metamodel extensions based on an analysis of the ODE metamodel, industry standards, Microsoft STRIDE model, and HEAVENS security analysis methodologies. We evaluated the proposed extensions in an illustrative example of an autonomous vehicle. |
Event | 49th IEEE International Conference on Computers, Software, and Applications (COMPSAC 2025) |
Venue | Toronto, Canada |
Date | July 8-11, 2025 (To appear) |
Publisher | IEEE |
Citation |
Bibtex
@inproceedings{2025COMPSAC, author = {Grechi, Victor Luiz and de Oliveira, André Luiz and Gallina, Barbara and Montecchi, Leonardo and Vaccare Braga, Rosana Teresinha}, title = {{Integrating Attack-Fault Trees in the ODE Metamodel to Support Safety and Security Co-Analysis in the Automotive Domain}}, booktitle = {49th IEEE International Conference on Computers, Software, and Applications (COMPSAC 2025)}, address = {Toronto, Canada}, date = {2025-07-08/2025-07-11}, note = {\emph{To appear}}, year = {2025} }
Plain Text
V. Grechi, A. de Oliveira, B. Gallina, L. Montecchi, R. Braga.
Integrating Attack-Fault Trees in the ODE Metamodel to Support Safety and Security Co-Analysis in the Automotive Domain.
In: 49th IEEE International Conference on Computers, Software, and Applications (COMPSAC 2025).
Toronto, Canada, July 8-11, 2025.
|