SafeSec - Integrated Safety and Security Engineering of Self-Adaptive Systems
The overall objective of the project SafeSec is to improve the integrated safety and security engineering of self-adaptive systems. During the first step, a security attack modeling language for self-adaptive systems is developed. This is based on the newly developed taxonomy of attacks that are specific to self-adaptive systems, as well as an existing hazard analysis approach. Furthermore, the project investigates the process of mining attack models from various data sources, such as vulnerability and attack databases. In addition, it examines how to automatically link attack models to the system models and continuously monitors relevant sources for attack model evolution.
The next phase includes the extension of the hazard analysis approach from the previous work towards a security-driven hazard analysis approach, in which a suitable model-based testing approach is developed to dynamically validate the results of the hazard analysis. Finally, the evaluation of the results from the project is conducted in context of a quadrocopter lab case as well as safe and secure development processes from the domains of aerospace and plant control.
SafeSec Attack-Fault Tree Generation Toolchain
Our proof-of-concept implementation of our proposed approach of a AFT generator toolchain can be downloaded here!