A Collaborative Design Method for Safety and Security Engineers

Keywords: cybersecurity, safety, collaborative design, system life cycle, vulnerability, management

The number of cyberattacks has been increasing not only on information systems but also on physical systems, so safety must be considered in light of the influence of cyberattacks. Vulnerabilities that can be exploited in cyberattacks continue to be discovered day by day, even in systems that were developed securely. Security engineers must eliminate vulnerabilities even when they are found after the developed systems have been released, so vulnerabilities must be managed throughout the system life cycle. However, applying a security patch takes time, and safety engineers are required to ensure safety even while vulnerabilities exist. Therefore, collaboration between safety and security (S&S) engineers is necessary to manage the corresponding S&S issues in the operation process. S&S should also be considered simultaneously in the early stages of the development process, because collaborative discussion helps to mitigate the risk of rework. One example of rework caused by inadequate S&S discussion is a braking system that has to be redesigned to improve its response time in order to compensate for the delay introduced by encryption. This paper therefore proposes common models that are effective for this collaboration throughout the system life cycle, together with a management approach that uses the models. The common model is represented by a data flow diagram (DFD), because a module under cyberattack can adversely affect other modules only through its data flows. In the proposed method, three improvements support management throughout the system life cycle. Firstly, the models are applied to both safety analysis and security analysis. Secondly, vulnerability occurrence is managed at the level of modules: system structures are designed based on modules, and module abnormalities caused by cyberattacks on their vulnerabilities are managed as causes of safety corruption. To indicate the critical points of the system that must be considered, these points are first identified from a safety perspective, and the processes and information that feed them are then traced backwards through the DFD.
Finally, a module, which performs a set of functions, may be outsourced, so for each module it must be decided who will manage its vulnerabilities. The proposed method is illustrated using the development of a self-driving wheelchair as an example. In this paper, the collaborative design method for S&S engineers of products, and their management based on modules, are described so as to ensure safety even when unexpected vulnerabilities exist.
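As an added illustration of the DFD-based tracing and module-level vulnerability ownership described above (example code written for this page, not the paper's own method or tooling), the following script models a small, constructed DFD for a self-driving wheelchair, traces every module whose data can reach a safety-critical point, and looks up who manages each such module's vulnerabilities. The module names, data flows and owners are assumptions made up for the example.

```python
# Added example (not from the paper): a toy data flow diagram (DFD) for a
# self-driving wheelchair, used to trace which modules can reach a
# safety-critical point through data flows and who owns their vulnerabilities.
# Module names, flows and owners below are constructed assumptions.
from collections import deque

# Edges: (source module, destination module, data item). Constructed sample.
DFD_FLOWS = [
    ("remote_app", "comm_gateway", "speed_command"),
    ("comm_gateway", "path_planner", "speed_command"),
    ("lidar_driver", "obstacle_detector", "point_cloud"),
    ("obstacle_detector", "path_planner", "obstacle_list"),
    ("path_planner", "motor_controller", "velocity_setpoint"),
    ("motor_controller", "brake_actuator", "brake_request"),
    ("battery_monitor", "dashboard", "charge_level"),
]

# Who manages vulnerabilities in each module (constructed; "vendor_*" = outsourced).
MODULE_OWNER = {
    "remote_app": "in-house", "comm_gateway": "vendor_A", "lidar_driver": "vendor_B",
    "obstacle_detector": "in-house", "path_planner": "in-house",
    "motor_controller": "vendor_C", "brake_actuator": "in-house",
    "battery_monitor": "vendor_D", "dashboard": "in-house",
}

def trace_upstream(flows, safety_point):
    """Return {module: [data items it sends toward safety_point]} for every
    module whose data can reach the safety-critical point via DFD flows.
    Modules with no path (e.g. dashboard) are excluded: a compromised module
    affects others only through data flows, so they cannot corrupt safety_point."""
    predecessors = {}
    for src, dst, item in flows:
        predecessors.setdefault(dst, []).append((src, item))
    reached, queue = {}, deque([safety_point])
    while queue:                      # breadth-first walk against flow direction
        node = queue.popleft()
        for src, item in predecessors.get(node, []):
            if src not in reached:
                reached[src] = []
                queue.append(src)
            if item not in reached[src]:
                reached[src].append(item)
    return reached

def vulnerability_owners(flows, owners, safety_point):
    """Map each upstream module to its vulnerability manager, so the operation
    process knows whom to contact when a vulnerability in that module is reported."""
    return {m: owners[m] for m in trace_upstream(flows, safety_point)}

if __name__ == "__main__":
    for mod, items in trace_upstream(DFD_FLOWS, "brake_actuator").items():
        print(f"{mod:18} sends {items} -> owner {MODULE_OWNER[mod]}")
```

Running it lists six modules (from the remote app down to the motor controller) that must be tracked for the brake actuator, while the battery monitor and dashboard are left out because no data flow connects them to it.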