You are required to read and agree to the below before accessing a full-text version of an article in the IDE article repository.

The full-text document you are about to access is subject to national and international copyright laws. In most cases (but not necessarily all) the consequence is that personal use is allowed, provided that the copyright owner is duly acknowledged and respected. All other use (typically) requires explicit permission (often in writing) from the copyright owner.

For the reports in this repository we specifically note that

  • the use of articles under IEEE copyright is governed by the IEEE copyright policy (available at http://www.ieee.org/web/publications/rights/copyrightpolicy.html)
  • the use of articles under ACM copyright is governed by the ACM copyright policy (available at http://www.acm.org/pubs/copyright_policy/)
  • technical reports and other articles issued by Mälardalen University are free for personal use. For other use, the explicit consent of the authors is required
  • in other cases, please contact the copyright owner for detailed information

By accepting I agree to acknowledge and respect the rights of the copyright owner of the document I am about to access.

If you are in doubt, feel free to contact webmaster@ide.mdh.se

Integrating Attack-Fault Trees in the ODE Metamodel for Security and Safety Co-Analysis in the Automotive Domain

Authors:

Victor Luiz Grechi, André Luiz de Oliveira, Barbara Gallina, Leonardo Montecchi, Rosana Teresinha Vaccare Braga

Publication Type:

Conference/Workshop Paper

Venue:

49th IEEE International Conference on Computers, Software, and Applications


Abstract

Integrating safety and security in automotive cyber-physical systems (CPS) domains (e.g. autonomous vehicles) is challenging for two main reasons. First, it is still difficult to represent the potential consequences of system failures or malicious attacks. Second, these systems must ensure safety and security despite unknowns and uncertainties. A Digital Dependability Identity (DDI) can facilitate this by encapsulating all dependability characteristics (e.g., design, requirements, safety, and security analysis models) of CPS components. The Open Dependability Exchange (ODE) metamodel is an implementation of the DDI concept, but has limitations in the interplay between safety and security. ODE is aligned with ISO 26262 but lacks certain security concepts needed to be aligned with ISO 21434. Also, ODE supports modeling fault trees, but does not yet support modeling attack trees or attack-fault trees. This paper proposes an extension to the ODE metamodel, aiming to increase coverage of ISO 21434 concepts and to allow the modeling of attack-fault trees. We built these metamodel extensions based on an analysis of the ODE metamodel, industry standards, the Microsoft STRIDE model, and the HEAVENS security analysis methodology. We evaluated the proposed extensions on an illustrative example of an autonomous vehicle.

Bibtex

@inproceedings{Grechi7186,
author = {Victor Luiz Grechi and Andr{\'e} Luiz de Oliveira and Barbara Gallina and Leonardo Montecchi and Rosana Teresinha Vaccare Braga},
title = {Integrating Attack-Fault Trees in the ODE Metamodel for Security and Safety Co-Analysis in the Automotive Domain},
month = {July},
year = {2025},
booktitle = {49th IEEE International Conference on Computers, Software, and Applications},
url = {http://www.es.mdu.se/publications/7186-}
}