Workflow for Conflict and Reinforcement Identification Based on STPA and STRIDE

Author(s):
Carniel, Andrei; Bezerra, Juliana De Melo; Hirata, Celso Massaki
Total number of authors: 3
Document type: Scientific article
Source: IEEE ACCESS; v. 13, p. 30-pg., 2025-01-01.
Abstract

Critical Cyber-Physical Systems (CPSs) are becoming more complex and are characterized by increasing automation, computational power, communication, and integration. CPSs involve processing and storage units, mechanical and electrical components, sensors, actuators, and communication networks, with software as the dominant part of this integration. CPS development includes safety and cybersecurity analyses to identify constraints and requirements that improve the system's operation. Mechanisms and countermeasures are identified and employed to meet those requirements; they consist of a variety of hardware, software, and protocols. Identifying inconsistencies and conflicts among requirements is challenging for two reasons. First, requirements are generally identified using methods dedicated to a specific concern, e.g. safety, cybersecurity, data privacy, or business, and these methods do not consider the concerns jointly. Second, mechanisms and countermeasures are specified to meet specific requirements rather than all of the requirements. For instance, a cybersecurity mechanism might interfere with the satisfaction of a safety requirement. This prompts us to seek methods that allow requirements to be analyzed jointly. We are particularly interested in studying the interplay of safety mechanisms and cybersecurity countermeasures in addressing the requirements of CPSs. We also consider the business needs that drive CPS projects. We analyze the mechanisms and countermeasures from a specific perspective, performance, to identify conflicts and reinforcements. In this perspective, a conflict occurs when mechanisms compete for resources or require incompatible resources, which represents a design issue. A reinforcement occurs when two different mechanisms can each meet the two requirements that originated them, so that either mechanism can be employed.
We then propose a workflow to systematically assess performance resource utilization in order to identify potential conflicts and reinforcements among mechanisms and countermeasures driven by safety, security, and business requirements. To provide a common basis for identifying requirements, we assume that safety requirements are identified with the STPA (System-Theoretic Process Analysis) method and that cybersecurity requirements are identified with STPA extended with STRIDE. We present a use case of a drone delivery system to evaluate the workflow. The results demonstrate the feasibility of our workflow. (AU)

FAPESP grant: 22/01051-7 - Design of critical cyber-physical systems jointly addressing safety, security and performance concerns using STPA and SysML
Grantee: Celso Massaki Hirata
Support type: Research Grant - Regular