Automated identification of behavioural interactions between safety and security features in automotive systems
Author: | Priyadarshini - |
Supervisor: | Oum El Kheir Aktouf |
Type: | Doctoral thesis project |
Discipline(s): | Computer science |
Date: | Enrolled in the doctoral programme on 01/12/2020 |
Institution(s): | Université Grenoble Alpes |
Doctoral school(s): | École doctorale mathématiques, sciences et technologies de l'information, informatique |
Research partner(s): | Laboratory: Laboratoire de conception et d'intégration des systèmes |
Research team: CTSYS
Keywords
Abstract
Today's transportation systems are undergoing a major transformation, driven by electrification, enhanced connectivity, and the integration of software-defined features and machine learning algorithms. These advancements substantially increase system complexity and the risk of unintended feature interactions. The shift towards automated driving reduces human involvement, heightening the need for reliable systems that ensure both safety and security. While standards such as ISO 26262 for functional safety and ISO/SAE 21434 for cybersecurity set stringent requirements, there is no industry standard that addresses the interactions between safety and security artefacts. Unintended interactions between these artefacts can introduce significant risks, including critical safety concerns. These challenges are compounded by differing terminologies, separate development teams, and tight delivery timelines, often resulting in late detection of these interactions, leading to higher costs and delays. The primary aim of this thesis is to develop methodologies for identifying safety and security interactions in the automotive domain, thereby enhancing overall system dependability. First, we address the research question: How can interactions between security feature designs and safety failures of system components be identified and assessed? Our proposed method is the first to establish a causal link between security features and component failures by analysing existing safety and security artefacts, such as Design FMEA and SysML diagrams of security features. The evaluation demonstrates that our method effectively identifies security feature designs that could lead to safety failures and can be applied to real-world systems. Next, we address the research question: How can directed behavioural interactions between safety and security features be effectively identified? 
To address this, we propose several methods that automatically identify different types of interactions, including direct and indirect interactions involving intermediate safety or security features. Our methods analyse existing behavioural specification models, specifically UML activity and sequence diagrams, facilitating efficient reuse of established artefacts and reducing the need to develop new models from scratch. Additionally, tool support is provided, and the methods are validated on a real-world UML model of a driver assistance system. Finally, we compare our proposed methods with a state-of-the-art method to assess their ability to identify different types of interactions while considering execution time. The results show that while two methods effectively detect direct interactions, only one excels in identifying complex indirect interactions. Moreover, the comparison highlights the advantages and limitations of each method, aiding the selection of an appropriate method based on factors such as time, computational resources, and the safety criticality of the system. This thesis, conducted within an industrial setting, presents systematic and pragmatic methods for identifying safety and security interactions, advancing the body of knowledge on safety and security co-engineering in cyber-physical systems.