Title: Towards a model-based safety and security analysis
Authors: Thomas Strathmann; Sibylle Fröschle
Venue: Dagstuhl-Workshop: Modellbasierte Entwicklung Eingebetteter Systeme XIII (MBEES 2017) (Dagstuhl Workshop on Model-Based Development of Embedded Systems XIII)
Date issued: 2019-01-01 (repository record dated 2021-06-03)
Handle: http://hdl.handle.net/11420/9667
Type: Conference Paper (Other)
Language: en
Keywords: Fault and Attack Injection; Functional Safety; Model-Based Development and Analysis; Safety Verification; Security Verification

Abstract

Due to the increasing amount of software and the number of communication interfaces in safety-critical embedded systems, it becomes necessary to integrate security analysis into model-based development processes. We outline an integrated method for analyzing the model of a system under faults and attacks with regard to safety goals. This model-based safety and security analysis (MBSSA) builds on an existing approach to safety verification of component-based systems using fault injection: ports of components are annotated with failure modes, and a symbolic model-checking procedure computes the minimal fault combinations that lead to a violation of the safety goal. In close analogy to this fault injection approach, we propose to inject attacks into an abstract model of a security architecture. Specifically, we annotate the system model with abstract security measures and analyze the propagation of attacks. To avoid the state explosion problem, we perform the security analysis in isolation from the safety analysis. The result of the security analysis is a sequence of attacks that we inject into the model during the subsequent safety analysis. The attacks influence the behavior of the system, thereby serving a function very similar to failure modes. The analysis results can be used to guide the design of an integrated safety and security concept.
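The following is an added illustration of the workflow the abstract describes, not code from the paper or its authors. It assumes a constructed component model (three redundant speed sensors, a 2-out-of-3 voter, a bus link, a controller), a constructed abstract security architecture (a diagnostic port protected by an assumed `obd_auth` measure and a bus protected by an assumed `bus_mac` measure), and replaces the paper's symbolic model-checking procedure with brute-force enumeration of failure-mode combinations by increasing order, which is adequate for a model this small. The security analysis runs in isolation and yields an attack sequence; a successful sequence is then injected into the safety model as an extra failure mode on the affected port, so the safety analysis reports it among the minimal cut sets exactly like a random fault.

```python
from itertools import combinations

# Port states: OK, value lost (detected omission), or erroneous (undetected wrong value).
OK, LOST, ERR = "ok", "lost", "err"

# Failure modes annotated on component output ports (the fault-injection points).
# Constructed example: three redundant speed sensors, a 2-out-of-3 voter, a bus
# link to the controller, and the controller's own command output.
FAULT_MODES = [("s_a", ERR), ("s_a", LOST), ("s_b", ERR), ("s_b", LOST),
               ("s_c", ERR), ("s_c", LOST), ("ctrl", ERR)]

def propagate(injected):
    """Evaluate the dataflow model under a dict of port -> injected state.

    Components downstream of an injected port see the injected state; an injected
    port keeps its state regardless of its inputs (the failure mode overrides)."""
    st = {p: OK for p in ("s_a", "s_b", "s_c", "voter", "bus", "ctrl")}
    st.update(injected)
    votes = [st["s_a"], st["s_b"], st["s_c"]]
    if votes.count(OK) >= 2:        # majority of good values outvotes one fault
        st["voter"] = OK
    elif votes.count(ERR) >= 2:     # pessimistic: two wrong values may agree
        st["voter"] = ERR
    else:                           # no majority: voter reports loss of signal
        st["voter"] = LOST
    if "bus" not in injected:       # bus forwards the voter result
        st["bus"] = st["voter"]
    if "ctrl" not in injected:      # lost input -> fail-safe; wrong input -> wrong command
        st["ctrl"] = ERR if st["bus"] == ERR else OK
    return st

def violates_goal(st):
    """Safety goal: the controller never issues an erroneous command."""
    return st["ctrl"] == ERR

def minimal_cut_sets(modes, max_order=3):
    """Minimal failure-mode combinations that violate the safety goal.

    Brute-force enumeration by increasing order, standing in for the symbolic
    model-checking procedure of the paper; supersets of known cuts are skipped,
    which is what makes the result minimal."""
    cuts = []
    for k in range(1, max_order + 1):
        for combo in combinations(modes, k):
            if len({port for port, _ in combo}) < k:
                continue                      # two modes on one port: inconsistent
            if any(c <= set(combo) for c in cuts):
                continue                      # already covered by a smaller cut
            if violates_goal(propagate(dict(combo))):
                cuts.append(frozenset(combo))
    return cuts

# Abstract security architecture (constructed): attack steps with the
# precondition they need, the assumed security measure that blocks them, and
# the capability they give the attacker.
ATTACK_STEPS = [
    # (precondition, step, blocking measure, postcondition)
    ("physical_access", "connect_obd", "obd_auth", "on_bus"),
    ("on_bus", "spoof_speed_frames", "bus_mac", "bus_spoofed"),
]

def attack_sequence(measures, start="physical_access", goal="bus_spoofed"):
    """Propagate attacks through the security model in isolation from safety.

    Returns the sequence of steps reaching the goal, or None if some measure
    in `measures` blocks every path."""
    reached, seq, changed = {start}, [], True
    while changed:
        changed = False
        for pre, step, measure, post in ATTACK_STEPS:
            if pre in reached and post not in reached and measure not in measures:
                reached.add(post)
                seq.append(step)
                changed = True
    return seq if goal in reached else None

def mbssa(measures):
    """Integrated analysis: security result first, then injected into the safety model.

    A successful spoofing attack is injected as the failure mode ("bus", ERR):
    to the controller a forged frame is indistinguishable from an erroneous value."""
    seq = attack_sequence(measures)
    modes = list(FAULT_MODES) + ([("bus", ERR)] if seq else [])
    return seq, minimal_cut_sets(modes)

if __name__ == "__main__":
    for measures in (set(), {"bus_mac"}):
        seq, cuts = mbssa(measures)
        print(f"measures={sorted(measures)} attack={seq}")
        for c in cuts:
            print("  cut:", sorted(c))
```

Without the bus authentication measure the single-element cut set `{("bus", "err")}` appears next to the purely random ones (two erroneous sensors, or an erroneous controller), which is the kind of result the abstract says should drive the integrated safety and security concept: the spoofing path is a single point of failure, whereas the sensor path needs two independent faults. Adding `bus_mac` (or `obd_auth`) to the measure set removes the attack sequence and the safety analysis falls back to the four fault-only cut sets.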