| 1. |
- Inayat, Irum, et al.
(författare)
-
Security-based Safety Hazard Analysis using FMEA : A DAM Case Study
- 2021
-
Ingår i: International Conference on Database and Expert Systems Applications. - Cham : Springer International Publishing.
-
Konferensbidrag (refereegranskat)abstract
- Safety and security emerge to be the most significant features of a Cyber-Physical System (CPS). Safety and security of a system are interlaced concepts and have mutual impact on each other. In the last decade, there are many cases where security breach resulted in safety hazards. There have been very few studies in the literature that address the integrated safety security risk assessment. Since, the need of the time is to consider both safety and security concurrently not even consequently. To close this gap, we aim to: (i) perform hazard analysis using Failure Mode Effect Analysis (FMEA) of a cyber physical system case i.e., Dam case study, and (ii) perform risk identification, risk analysis and mitigation for the said case. As a result, we extracted the potential failure modes, failure causes, failure effects, and the risk priority number. In addition, we also identified the safety requirements for the modes of the subject.
|
|
| 2. |
- Abbas, Muhammad, et al.
(författare)
-
Requirements dependencies-based test case prioritization for extra-functional properties
- 2019
-
Ingår i: Proceedings - 2019 IEEE 12th International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2019. - : Institute of Electrical and Electronics Engineers Inc.. - 9781728108889 ; , s. 159-163
-
Konferensbidrag (refereegranskat)abstract
- The use of requirements' information in testing is a well-recognized practice in the software development life cycle. Literature reveals that existing tests prioritization and selection approaches neglected vital factors affecting tests priorities, like interdependencies between requirement specifications. We believe that models may play a positive role in specifying these inter-dependencies and prioritizing tests based on these inter-dependencies. However, till date, few studies can be found that make use of requirements inter-dependencies for test case prioritization. This paper uses a meta-model to aid modeling requirements, their related tests, and inter-dependencies between them. The instance of this meta-model is then processed by our modified PageRank algorithm to prioritize the requirements. The requirement priorities are then propagated to related test cases in the test model and test cases are selected based on coverage of extra-functional properties. We have demonstrated the applicability of our proposed approach on a small example case.
|
|
| 3. |
- Hammad, Muhammad, et al.
(författare)
-
Risk Management in Agile Software Development: A Survey
- 2019
-
Ingår i: Proceedings - 2019 International Conference on Frontiers of Information Technology, FIT 2019. - 9781728166254 ; , s. 162-166
-
Konferensbidrag (refereegranskat)abstract
- In agile software development, some of the formal project management activities are neglected due to heavy documentation and planning. Agile methodologies usually focus on rapid development over hefty documentation which is contrary to the nature of the risk management process. Literature studies show agile methods are used for the development safety critical systems as well. For that ignoring risk management process is inevitable. This intrigued us to explore more on the risk management practices followed in agile methods following industry. To further the investigations on industrial practices regarding risk management, in this paper we explore on (i) the risks faced by the agile practitioners, and (ii) the mitigation strategies used. For this, we conducted an online survey with 54 agile practitioners. The results showed that the project deadlines and varying requirements are the two most commonly faced risks by the practitioners. Furthermore, the results also revealed that risk management strategies are being followed to some extent, but usually in a non-systematic way.
|
|
| 4. |
- Zahid, Maryam, et al.
(författare)
-
A security risk mitigation framework for cyber physical systems
- 2020
-
Ingår i: Journal of Software. - : John Wiley & Sons. - 2047-7473 .- 2047-7481. ; 32:2, s. 1-15
-
Tidskriftsartikel (refereegranskat)abstract
- Cyber physical systems (CPSs) are safety‐critical, be it weapon systems, smart medical devices, or grid stations. This makes ensuring security of all the components constituting a CPS unavoidable. The rise in the demand of interconnectedness has made such systems vulnerable to attacks, ie, cyberattacks. Over 170 cases of cyber‐security breaches in CPS were reported over the past two decades. An increase in the number of cyberattack incidents on CPS makes them more exposed and less trustworthy. However, identifying the security requirements of the CPS to pinpoint the relevant risks may help to counteract the potential attacks. Literature reveals that the most targeted security requirements of CPS are authentication, integrity, and availability. However, little attention has been paid on certain crucial security attributes such as data freshness and nonrepudiation. One major reason of security breaches in CPS is the lack of custom or generalized countermeasures. Therefore, we propose a security risk mitigation framework for a CPS focused on constraints, ie, authentication, data integrity, data freshness, nonrepudiation, and confidentiality. Furthermore, we evaluate the proposed work using a case study of a safety critical system. The results show a decrease in the severity of the identified security risks, ie, man‐in‐the‐middle attack, spoofing, and data tempering.
|
|
| 5. |
- Zahid, Maryam, 1992-, et al.
(författare)
-
Evolution in software architecture recovery techniques—A survey
- 2017
-
Ingår i: 13th International Conference on Emerging Technologies (ICET). - Islamabad, Pakistan : IEEE Computer Society Digital Library. - 9781538622612 ; , s. 1-6
-
Konferensbidrag (refereegranskat)abstract
- Software architecture is an important part of the software systems showing its components and connection between the components. Small release time and quick delivery has become the main objective of the software industry, these days. This has led to the negligence of the development of the software architecture resulting software architecture erosion. The aim of this research is to provide a review of the solutions proposed regarding the recovery of the software architecture over the years.
|
|
| 6. |
- Zahid, Maryam, 1992-, et al.
(författare)
-
Security Risk Mitigation of Cyber Physical Systems: A Case Study of a Flight Simulator
- 2019
-
Ingår i: Database and Expert Systems Applications. - Cham : Springer. - 9783030276836 - 9783030276843 ; , s. 129-138
-
Konferensbidrag (refereegranskat)abstract
- Avionics has seen a greatest shift in technology over the last two decades. The severity of the consequences resulting from a lack of risk management in avionics can be seen from recent incidents of unmanned aerial vehicles being hacked or in the hacking of vendor-controlled systems installed in commercial aircrafts. Over a million incidents related to security breaches at cyber layer have been recorded over the last decade, among which 350,000 cyber-attacks alone have taken place in the year 2018. Unfortunately, only a limited set of studies have been conducted on security risk management, particularly specific to avionics. In this article, we aim to identify, analyze and mitigate the security risks of 6 Degree of Freedom Flight Simulator. As a result, we identify 8 risks of level 3–4 as per the IEC 61508 standard. Further analysis of the identified risks yields in another 34 risks. We then mitigate the severity of the identified risks from level 4 to level 2 as per the IEC 61508 standard. The cryptosystem used for risk mitigation performed relatively faster as compared to some of the most recently proposed encryption schemes.
|
|
| 7. |
- Zahid, Maryam, et al.
(författare)
-
Security risks in cyber physical systems—A systematic mapping study
- 2021
-
Ingår i: Journal of Software. - : John Wiley & Sons. - 2047-7473 .- 2047-7481. ; 33:9
-
Forskningsöversikt (refereegranskat)abstract
- The increased need for constant connectivity and complete automation of existing systems fuels the popularity of Cyber Physical Systems (CPS) worldwide. Increasingly more, these systems are subjected to cyber attacks. In recent years, many major cyber‐attack incidents on CPS have been recorded and, in turn, have been raising concerns in their users' minds. Unlike in traditional IT systems, the complex architecture of CPS consisting of embedded systems integrated with the Internet of Things (IoT) requires rather extensive planning, implementation, and monitoring of security requirements. One crucial step to planning, implementing, and monitoring of these requirements in CPS is the integration of the risk management process in the CPS development life cycle. Existing studies do not clearly portray the extent of damage that the unattended security issues in CPS can cause or have caused, in the incidents recorded. An overview of the possible risk management techniques that could be integrated into the development and maintenance of CPS contributing to improving its security level in its actual environment is missing. In this paper, we are set out to highlight the security requirements and issues specific to CPS that are discussed in scientific literature and to identify the state‐of‐the‐art risk management processes adopted to identify, monitor, and control those security issues in CPS. For that, we conducted a systematic mapping study on the data collected from 312 papers published between 2000 and 2020, focused on the security requirements, challenges, and the risk management processes of CPS. Our work aims to form an overview of the security requirements and risks in CPS today and of those published contributions that have been made until now, towards improving the reliability of CPS. The results of this mapping study reveal (i) integrity authentication and confidentiality as the most targeted security attributes in CPS, (ii) model‐based techniques as the most used risk identification and assessment and management techniques in CPS, (iii) cyber‐security as the most common security risk in CPS, (iv) the notion of “mitigation measures” based on the type of system and the underline internationally recognized standard being the most used risk mitigation technique in CPS, (v) smart grids being the most targeted systems by cyber‐attacks and thus being the most explored domain in CPS literature, and (vi) one of the major limitations, according to the selected literature, concerns the use of the fault trees for fault representation, where there is a possibility of runtime system faults not being accounted for. Finally, the mapping study draws implications for practitioners and researchers based on the findings.
|
|
