We survey the state of the art in model-based formalisms for safety and security analysis, where safety refers to the absence of unintended failures and security to the absence of malicious attacks. We consider fourteen model-based formalisms, comparing their modeling principles, the interaction between safety and security, and their analysis methods. In each formalism, we model the classical Locked Door Example where possible. In addition, we compare the formalisms according to their modeling expressiveness. Our key finding is that the exact nature of safety-security interaction is still ill-understood: existing formalisms merge earlier safety and security formalisms without introducing specific constructs to model safety-security interactions, or metrics to analyze the trade-offs between them.