TY - JOUR
AU - Biro, Miklos
AU - Mashkoor, Atif
AU - Sametinger, Johannes
TI - Safety and security of cyber-physical systems
JF - JOURNAL OF SOFTWARE-EVOLUTION AND PROCESS
J2 - J SOFTW-EVOL PROC
PY - 2022
PG - 3
SN - 2047-7473
DO - 10.1002/smr.2522
UR - https://m2.mtmt.hu/api/publication/33359588
ID - 33359588
LA - English
DB - MTMT
ER -

TY - JOUR
AU - Mashkoor, Atif
AU - Egyed, Alexander
AU - Wille, Robert
AU - Stock, Sebastian
TI - Model-driven engineering of safety and security software systems: A systematic mapping study and future research directions
JF - JOURNAL OF SOFTWARE-EVOLUTION AND PROCESS
J2 - J SOFTW-EVOL PROC
PY - 2022
PG - 26
SN - 2047-7473
DO - 10.1002/smr.2457
UR - https://m2.mtmt.hu/api/publication/33318822
ID - 33318822
AB - This article presents a systematic mapping study on the model-driven engineering of safety and security concerns in software systems. Combined modeling and development of both safety and security concerns is an emerging field of research as both concerns affect one another in unique ways. Our mapping study provides an overview of the current state of the art in this field. This study carefully selected 143 publications out of 27,259 relevant papers through a rigorous and systematic process. This study then proposes and answers questions such as frequently used methods and tools and development stages where these concerns are typically investigated in application domains. Additionally, we identify the community's preference for publication venues and trends. The discussion on obtained results also features the gained insights and future research directions.
LA - English
DB - MTMT
ER -

TY - CHAP
AU - Stock, Sebastian
AU - Mashkoor, Atif
AU - Egyed, Alexander
ED - Kotsis, G
ED - Tjoa, AM
ED - Khalil, I
ED - Moser, B
ED - Taudes, A
ED - Mashkoor, A
ED - Sametinger, J
ED - Martinez-Gil, J
ED - Sobieczky, F
ED - Fischer, L
ED - Ramler, R
ED - Khan, M
ED - Czech, G
TI - Application of Validation Obligations to Security Concerns
T2 - DATABASE AND EXPERT SYSTEMS APPLICATIONS, DEXA 2022 WORKSHOPS
PB - Springer Netherlands
CY - Cham
SN - 9783031143427
T3 - Communications in Computer and Information Science, ISSN 1865-0929
PY - 2022
SP - 337
EP - 346
PG - 10
DO - 10.1007/978-3-031-14343-4_31
UR - https://m2.mtmt.hu/api/publication/33381233
ID - 33381233
AB - Our lives become increasingly dependent on safety- and security-critical systems, so formal techniques are advocated for engineering such systems. One of such techniques is validation obligations that enable formalizing requirements early in development to ensure their correctness. Furthermore, validation obligations help hold requirements consistent in an evolving model and create assurances about the model's completeness. Although initially proposed for safety properties, this paper shows how the technique of validation obligations enables us to also reason about security concerns through an example from the medical domain.
LA - English
DB - MTMT
ER -

TY - CHAP
AU - Asmat, Mah Noor
AU - Khan, Saif Ur Rehman
AU - Mashkoor, Atif
ED - Khan, Sohail
ED - Sobieczky, Florian
ED - Czech, Gerald
ED - Fischer, Lukas
ED - Martinez-Gil, Jorge
ED - Fensel, Anna
ED - Sametinger, Johannes
ED - Mashkoor, Atif
ED - Moser, Bernhard
ED - Khalil, Ismail
ED - Tjoa, A Min
ED - Kotsis, Gabriele
TI - A Conceptual Model for Mitigation of Root Causes of Uncertainty in Cyber-Physical Systems
T2 - Database and Expert Systems Applications - DEXA 2021 Workshops
PB - Springer Netherlands
CY - Cham
SN - 9783030871000
T3 - Communications in Computer and Information Science, ISSN 1865-0929 ; 1479.
PY - 2021
SP - 9
EP - 17
PG - 9
DO - 10.1007/978-3-030-87101-7_2
UR - https://m2.mtmt.hu/api/publication/33359590
ID - 33359590
AB - Cyber-Physical Systems (CPS) are widely used in different domains. The major application domains of CPS are healthcare, transportation, manufacturing, industrial control systems, automatic pilot avionics, robotics systems, and so on. Uncertainty is one of the major issues that challenge the reliability of a CPS. In the literature, various approaches have been proposed to deal with uncertainty. However, fewer studies have focused on handling the root cause analysis of uncertainty and also suggesting the corresponding mitigation strategies. Inspired by this, we propose a conceptual model effective in mitigating the root causes of uncertainty in CPS. Moreover, some potential future research dimensions are outlined.
LA - English
DB - MTMT
ER -

TY - JOUR
AU - Bíró, Miklós
AU - Mashkoor, Atif
AU - Sametinger, Johannes
TI - Safe and secure cyber-physical systems
JF - JOURNAL OF SOFTWARE-EVOLUTION AND PROCESS
J2 - J SOFTW-EVOL PROC
VL - 33
PY - 2021
IS - 9
PG - 3
SN - 2047-7473
DO - 10.1002/smr.2340
UR - https://m2.mtmt.hu/api/publication/32293890
ID - 32293890
AB - Cyber-Physical Systems (CPSs) differ from traditional Information Technology (IT) systems in such a way that they interact with the physical environment, i.e., they can monitor and manipulate real objects and processes. For this special issue, the authors of the best papers of IWCFS 2019 were invited to submit extended versions of their workshop papers. Additionally, we received eight submissions from around the globe as a result of an open call. After thorough and stringent reviews, we selected six articles that provide relevant contributions to the field of safety and security for CPSs.
LA - English
DB - MTMT
ER -

TY - CONF
AU - Mashkoor, Atif
AU - Egyed, Alexander
ED - Longo, F
ED - Affenzeller, M
ED - Padovano, A
TI - Evaluating the alignment of sequence diagrams with system behavior
T2 - Proceedings of the 2nd International Conference on Industry 4.0 and Smart Manufacturing (ISM 2020)
PB - Elsevier Science
C1 - Amsterdam
T3 - Procedia Computer Science, ISSN 1877-0509 ; 180.
PY - 2021
SP - 502
EP - 506
PG - 5
DO - 10.1016/j.procs.2021.01.267
UR - https://m2.mtmt.hu/api/publication/32293891
ID - 32293891
AB - In model-driven engineering, sequence diagrams are commonly used to describe a system's expected behavior in different scenarios. Indeed, the information flow described in sequence diagrams should actually take place during a real execution of the system in order to ensure its safety, security and correctness. If it does not, this may lead to serious consequences. In this short paper, we present a novel generic approach for addressing this issue by observing the live execution of a system and checking whether the exhibited information flow correctly follows what has been specified in sequence diagrams. (C) 2021 The Authors. Published by Elsevier B.V.
LA - English
DB - MTMT
ER -

TY - JOUR
AU - Ponsard, Christophe
AU - Grandclaudon, Jeremy
AU - Massonet, Philippe
TI - A goal-driven approach for the joint deployment of safety and security standards for operators of essential services
JF - JOURNAL OF SOFTWARE-EVOLUTION AND PROCESS
J2 - J SOFTW-EVOL PROC
VL - 33
PY - 2021
IS - 9
PG - 26
SN - 2047-7473
DO - 10.1002/smr.2338
UR - https://m2.mtmt.hu/api/publication/32293889
ID - 32293889
AB - Designing safety-critical software in domains ensuring essential services like transportation, energy, or health requires high assurance techniques and compliance with domain specific standards. As a result of the global interconnectivity and the evolution toward cyber-physical systems, the increasing exposure to cyber threats calls for the adoption of cyber security standards and frameworks. Although safety and security have different cultures, both fields share similar concepts and tools and are worth being investigated together. This paper provides the background to understand emerging co-engineering approaches. It advocates for the use of a model-based approach to provide a sound risk-oriented process and to capture rationales interconnecting top-level standards/directives to concrete safety/security measures. We show the benefits of adopting goal-oriented analysis that can be transposed later to domain-specific frameworks. Both qualitative and quantitative reasoning aspects are analyzed and discussed, especially to support trade-off analysis. Our work is driven by a representative case study in drinking water utility in the scope of the NIS regulation for operator of essential services.
LA - English
DB - MTMT
ER -

TY - JOUR
AU - Singh, Neeraj Kumar
AU - Lawford, Mark
AU - Maibaum, Thomas S. E.
AU - Wassyng, Alan
TI - A formal approach to rigorous development of critical systems
JF - JOURNAL OF SOFTWARE-EVOLUTION AND PROCESS
J2 - J SOFTW-EVOL PROC
VL - 33
PY - 2021
IS - 4
PG - 27
SN - 2047-7473
DO - 10.1002/smr.2334
UR - https://m2.mtmt.hu/api/publication/32293892
ID - 32293892
AB - Safety critical systems, such as medical, automotive, and avionics systems, play an important role in our daily lives. Increasing demand for new technologies in these safety critical systems requires rapid adoption of commercial hardware and software. However, the adoption of new hardware and software increases life-threatening vulnerabilities. To aid in the reduction of these vulnerabilities and system failures, this paper proposes a framework based on formal methods for developing safety-critical systems from requirements analysis to code generation. This framework includes a development process for documenting system requirements using tabular expressions, automatic formal model generation from the documented requirements, verification and validation of the generated formal models using proof techniques and animations, interactive simulation for validating the required behavior of the developed models by enabling domain experts to observe the system states according to, and finally, code generation from the formal model into a desired language. A prototype toolchain is developed to automate this framework. An assessment of the proposed framework is undertaken through a case study: insulin infusion pump (IIP).
LA - English
DB - MTMT
ER -