Title

Identifying Contradictions in Safety and Security Requirements for Industrial Cyber-Physical Systems

Alternative title
Identification of Conflicts between Functional Safety and Information Security in Industrial Cyber-Physical Systems
Name
孙智聪
Name (pinyin)
SUN Zhicong
Student ID
12032471
Degree type
Master's
Degree discipline
0809 Electronic Science and Technology
Discipline category / professional degree category
08 Engineering
Supervisors
杨双华, 丁宇龙
Supervisors' department
Department of Computer Science and Engineering; Department of Computer Science and Engineering
Thesis defense date
2023-05-13
Thesis submission date
2023-06-27
Degree-granting institution
Southern University of Science and Technology (南方科技大学)
Place of degree conferral
Shenzhen
Abstract

Industrial cyber-physical systems (iCPSs) integrate the information space and the physical environment through computation, communication, and control. Sophisticated attacks on industrial systems such as Stuxnet, Duqu, and WannaCry have become a reality. These attacks steal critical data and damage safety-critical physical devices, exposing iCPSs to both hazards and threats. To mitigate these risks, iCPSs are protected by strategies derived from safety and security (S&S) requirements. However, unnoticed contradictions may exist among safety requirements, among security requirements, or between the two. Such contradictions undermine the protection of iCPSs and must be identified and resolved.

This work aims to provide a systematic methodology for identifying contradictions in S&S requirements. It investigates two research questions: what characterizes contradictions in S&S requirements, and how can they be identified on the basis of those characteristics? A seven-phase research methodology widely used in risk analysis is followed: observation, objectives, theory, testing, revision, prototype, and validation. The results comprise three key discussion findings, five theoretical foundations, a four-phase methodology, and a case study validating the approach.

This work comprehensively reviews the relevant literature: it discusses the definition of iCPSs, analyzes the relationships between safety and security and the approaches that address them, and determines the causes and forms of contradictions and the limitations of existing identification methods. The review finds that safety and security adopt different system models and different methods for eliciting and representing requirements, which leads to conceptual ambiguity and inconsistency in the requirements and makes contradictions difficult to identify. The research therefore studies approaches to joint S&S analysis, particularly for requirements elicitation and representation, as the basis for a methodology for identifying contradictions.

Based on the above analysis, this study proposes a four-phase methodology resting on five theoretical foundations. First, the method provides a conceptual model for iCPSs and adopts S&S objectives to constrain the objects and interactions within the model. Second, it unifies the elicitation of S&S requirements through causes-phenomena-effects analysis and coordinates their representation with a requirements template, so that requirements from both disciplines become comparable and contradictions easier to identify. Finally, it establishes two sufficient conditions under which contradictions arise and provides algorithms that decide whether these conditions are satisfied. To demonstrate the methodology, it is applied to a smart factory integrating multiple automated guided vehicles (AGVs). The results show that the approach effectively detects imperceptible contradictions in S&S requirements.
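The two steps the abstract describes, a shared requirements template followed by an algorithmic check of sufficient conditions, as an added example that is not the thesis's own template, conditions or algorithms. The template fields, the two conditions C1 and C2 and the AGV requirements are all constructed here for illustration. C1 flags two requirements that constrain the same attribute of the same object to different values in an overlapping situation; C2 flags a requirement whose mandated action is itself the recorded cause of a phenomenon that another requirement exists to prevent. The assumption that the plant's e-stop broadcast is an unauthenticated command is part of the constructed case, not a fact from the thesis.

```python
"""Added illustration (not the thesis's own template, conditions or
algorithms): S&S requirements in one shared template and two assumed
sufficient conditions for a contradiction, checked over a constructed
AGV smart-factory case."""
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Requirement:
    """One row of the (assumed) requirements template."""
    rid: str
    domain: str            # "safety" or "security"
    obj: str               # object or interaction of the conceptual model
    attribute: str         # property of obj that is constrained
    value: str             # required value / mandated action for it
    condition: frozenset   # phenomena under which the requirement applies
    cause: str             # cause -> phenomenon -> effect chain that
    phenomenon: str        #   motivated the requirement
    effect: str


# Constructed assumption of the case: the legacy e-stop broadcast on the
# plant network is unauthenticated, so receiving it is a special case of
# receiving an unauthenticated command. Making this explicit in one model
# is what turns a hidden conflict into a detectable one.
ENTAILS = {"estop_broadcast_received": {"unauthenticated_command_received"}}


def closure(phenomena, entails=ENTAILS):
    """Expand a condition with every phenomenon it (transitively) entails."""
    seen, todo = set(phenomena), list(phenomena)
    while todo:
        for q in entails.get(todo.pop(), ()):
            if q not in seen:
                seen.add(q)
                todo.append(q)
    return frozenset(seen)


def direct_contradiction(a, b, entails=ENTAILS):
    """C1 (assumed): same object and attribute, overlapping applicability,
    different required values: both cannot hold in the overlap."""
    return (a.obj == b.obj and a.attribute == b.attribute
            and a.value != b.value
            and bool(closure(a.condition, entails) & closure(b.condition, entails)))


def causal_contradiction(a, b):
    """C2 (assumed): the action one requirement mandates is the recorded
    cause of the phenomenon the other requirement exists to prevent."""
    return a.value == b.cause or b.value == a.cause


def find_contradictions(reqs, entails=ENTAILS):
    """Return (condition, rid, rid) for every pair satisfying C1 or C2."""
    found = []
    for a, b in combinations(reqs, 2):
        if direct_contradiction(a, b, entails):
            found.append(("C1", a.rid, b.rid))
        if causal_contradiction(a, b):
            found.append(("C2", a.rid, b.rid))
    return found


# Constructed requirements for an AGV smart factory (illustrative only).
REQS = [
    Requirement("SR1", "safety", "AGV-07.drive", "motion", "halt",
                frozenset({"estop_broadcast_received"}),
                "operator raises e-stop", "AGV keeps moving in an emergency",
                "crush injury"),
    Requirement("SEC1", "security", "AGV-07.drive", "motion", "unchanged",
                frozenset({"unauthenticated_command_received"}),
                "spoofed drive command", "attacker steers the AGV",
                "AGV misuse"),
    Requirement("SEC2", "security", "fleet_controller", "patch_policy",
                "reboot_controller_on_patch",
                frozenset({"critical_patch_released"}),
                "unpatched controller vulnerability",
                "remote takeover of the fleet controller", "fleet hijack"),
    Requirement("SR2", "safety", "fleet_controller", "availability",
                "available_while_agvs_move", frozenset({"agv_in_motion"}),
                "reboot_controller_on_patch", "loss of traffic coordination",
                "AGV-to-AGV collision"),
    Requirement("SR3", "safety", "AGV-07.brakes", "state", "applied",
                frozenset({"battery_low"}), "battery depletion",
                "uncontrolled rolling", "collision with equipment"),
]

if __name__ == "__main__":
    for cond, x, y in find_contradictions(REQS):
        print(f"{cond}: {x} contradicts {y}")
```

Running it reports SR1 against SEC1 (C1: halt on e-stop versus ignore unauthenticated commands) and SEC2 against SR2 (C2: rebooting the fleet controller on a patch is the cause of the coordination loss SR2 guards against). With the entailment table emptied, the first conflict is no longer found: each requirement is individually reasonable against its own discipline's model, and only the shared phenomenon made explicit in one model exposes it, which is the kind of imperceptible contradiction the abstract refers to.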

Abstract (translated from the Chinese)

Industrial cyber-physical systems (iCPSs) are the next generation of industrial systems, integrating the information space and the physical environment through computation, communication, and control. In recent years, sophisticated attacks on industrial systems have moved from Hollywood fiction into reality: Stuxnet, Duqu, and WannaCry have caused serious damage to iCPSs. They steal private data and damage safety-critical physical devices, exposing iCPSs to functional safety hazards and information security threats. To reduce such risks, iCPSs must define protection strategies according to their functional safety and information security requirements. However, hard-to-perceive contradictions may exist among functional safety requirements, among information security requirements, and between the two. These contradictions negatively affect iCPSs and urgently need to be identified and resolved.

The goal of this work is to provide a systematic methodology for identifying such contradictions. Two research questions are studied: what are the characteristics of contradictions in functional safety and information security requirements, and how can contradictions be identified systematically on the basis of those characteristics? The work follows a seven-step research method commonly used in the field of risk analysis (literature review, goal setting, theoretical analysis, testing, theory revision, methodology prototype design, and case-study validation). It yields three discussion results, proposes five theoretical foundations, and provides a four-phase methodology together with a case study of contradiction identification.

Specifically, this work comprehensively reviews related work: it discusses the definition of iCPSs, examines the relationship between functional safety and information security and the methods for handling that relationship, and analyzes the causes and manifestations of contradictions in functional safety and information security requirements as well as the limitations of existing identification methods. The conclusion is that functional safety and information security analyses rely on different system models and different methods of requirements elicitation and representation, which leads to conceptual ambiguity and inconsistency in the requirements and in turn makes contradictions harder to identify. This research therefore further surveys methods for the joint analysis of functional safety and information security, and methods for requirements elicitation and representation, as the basis for proposing a suitable contradiction identification method.

Building on this analysis, this work proposes a theory and methodology for identifying contradictions. The method provides a conceptual model for iCPSs and uses safety and security objectives to constrain the objects and interactions in the model. It unifies the elicitation of safety and security requirements through cause-phenomenon-effect analysis and unifies their representation through a requirements template. In addition, the work establishes two sufficient conditions that lead to contradictions and provides algorithms for deciding whether these conditions are met. In the case study, applying the method to a smart factory composed of multiple automated guided vehicles shows that it can effectively identify hard-to-perceive contradictions in functional safety and information security requirements.

Keywords
(none listed)
Other keywords
(none listed)
Language
English
Training category
Independent training
Year of enrollment
2020
Year of degree conferral
2023-06
Degree evaluation sub-committee
Electronic Science and Technology
Chinese Library Classification number
TP309.1
Source
Manual submission
Output type
Dissertation
Item identifier
http://sustech.caswiz.com/handle/2SGJ60CL/544765
Collection
College of Engineering_Department of Computer Science and Engineering
Recommended citation (GB/T 7714)
Sun ZC. Identifying Contradictions in Safety and Security Requirements for Industrial Cyber-Physical Systems[D]. Shenzhen: Southern University of Science and Technology, 2023.
Files in this item
12032471-孙智聪-计算机科学与工 (14373 KB): restricted access; full text on request

Unless otherwise stated, all content in this system is protected by copyright, with all rights reserved.