by Markus Tauber, Christian Wagner and Andreas Mauthe

In the frame of the European ARTEMIS (Advanced Research and Technology for Embedded Intelligence and System) Innovation Pilot Project “Arrowhead” we address safety and security analysis methods as a part of ‘safety and security co-engineering’. This is being combined with other research activities in e.g. the FP7 Project SECCRIT (Secure Cloud Computing for Critical Infrastructure IT) in which we investigate how to assure security properties in complex (cloud based) systems which are derived from safety and security analysis results. The goal is to create a uniform point of view for Systems-of-Systems high-level security properties and assurance.

The latest ICT trends (e.g. the Internet of Things (IoT), Industry version 4 or smart-*) will result in systems integrating sensors and embedded devices within one infrastructure collecting huge amounts of data. The amount of data generated is somewhat unpredictable, being dependent on factors such as environmental conditions and human behaviour patterns. Cloud based systems would seem a logical place to store and process this data. Since these systems are also used together with control utilities, they form part of the critical infrastructure, and trust is of utmost importance. To introduce trustworthiness into such systems, transparency through enhanced monitoring is a key factor. However, deciding what to monitor is very complex. Established audit approaches or methods for analysing safety and security of systems can be used as a basis. However, such approaches typically focus on safety in the peripheral domain (e.g. sensors) or on security in the backend (e.g. Cloud). Hence, combined approaches are required.

Today’s ICT systems include IoT infrastructures such as smart grids, smart cities and smart buildings (including private households as well as public buildings such as schools), they are often composed of traditionally isolated systems, now forming part of smart systems-of-systems (SoS). They consist of environmental sensor networks or manufacturing devices. The amount of data and its complexity (i.e. interdependencies) depends on usage patterns - for instance, electricity usage in a specific segment of a power grid, or on environmental conditions when controlling heating in public buildings. Resources for processing and storing such data need to be scalable and flexible. Thus, the Clouds represent an enabling factor for such systems. Such systems span from the peripheral domain (with sensor networks and embedded devices with some potential fluctuation of constituent components) to scalable and flexible Cloud backends (in which constituent components are contributing resources on demand).

To accept such technologies, users must be able to understand how their data is being treated and how the system protects data and operates in a safe and secure manner. Transparency is of utmost importance to achieve trustworthiness. It is hard to decide which parameters to monitor and how to represent the monitoring information in an aggregated form.

To address these issues our research agenda is twofold. First, we investigate established audit, security and safety analysis methods to extract the relevant high level security properties. Safety analysis methods are typically used in the peripheral domain and security analysis methods in the backend. These need to be combined as ‘safety and security co-engineering’ to create a uniform point of view for SoS high-level security properties. This work is conducted in the Artemis project ARROWHEAD and contributed to the ARROWHEAD framework [1]. Second, we investigate how to represent aggregated information in our assurance approaches [2], in the FP7 project SECCRIT (Secure Cloud Computing for Critical Infrastructure IT).

A first publication [3] related to safety and security co-engineering presents an evaluation of the methods in isolation. For succeeding activities the security analysis an approach based on the ISO 27005 and ETSI TS 102 165-1 standards is used in recent work in ARROWHEAD. For the safety and reliability analysis the IEC 60812 standard is used. Both include an identification of unsatisfactory situations (threats and failure modes) and a method for identifying those with the highest risks. The system is modelled using a dataflow diagram for identifying threats and to motivate decisions when extracting failure modes from an existing catalogue. We have performed an applicability analysis on the resulting threats and failure modes to filter out the relevant ones. In the end the risks of the remaining threats and failure modes were evaluated in detail. The elicitation of threats was supported by a series of workshops and interviews. Results have been applied to current design of one of the project’s pilots. So far we have conducted safety and security analysis individually, and will extend the range of methods. The next step will involve modelling the process and investigating how to describe results to conduct a combined analysis to develop safety and security co-engineering, the fundamentals of which will be contributed to the ARROWHEAD framework.

We have systematically modelled security metrics for Cloud systems to contribute to our assurance model (as introduced in [2]). I.e. ISO27002, defines ‘high-level’ security metrics such as strong passwords. This can be measured by checking if corresponding tools (e.g. PAM (see Link) are available in the constituent components. A catalogue of high level security metrics is being developed and corresponding tool-support will be provided.

Promising initial results have already been published, and form a basis of our research agenda. They will be extended in future projects (e.g. H2020 CREDENTIAL).


[1] S. Plosz, M. Tauber, P. Varga: “Information Assurance System in the Arrowhead Project”, ERCIM News No. 97, pp 29, April 2014.
[2] A. Hudic et al.: “Multi-layer and multi-tenant cloud assurance evaluation methodology, in International Conference on Cloud Computing Technology and Science (CloudCom-2014), 2014.
[3] S. Plósz et al.: “Security Vulnerabilities And Risks In Industrial Usage Of Wireless Communica-tion”, ETFA 2014, September 2014.

Please contact:
Markus Tauber, AIT, Austrian Institute of Technology, Austria
E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

Next issue: January 2018
Special theme:
Quantum Computing
Call for the next issue

Image ERCIM News 102 epub
This issue in ePub format

Get the latest issue to your desktop
RSS Feed