Previously, STPA analysis has been widely used to identify interaction issues between users and various components, as well as failures in components and potential accidents arising from emergent behavior. However, today I'd like to go beyond this safety perspective and introduce the concept of STPA-Sec (Security), demonstrating an example of STPA analysis with security considerations added. Below, we'll add L-5, the exposure of the user's personal information, to the existing safety-related losses L-1 to L-4. This means the STPA analysis now covers not only the safety perspective but also security aspects.
We identify UCAs (Unsafe Control Actions) according to the STPA steps. The CA (Control Action) we will analyze is the "Enable AH" control command issued by the driver to the Autohold Module.
The possible UCAs are as follows:
UCA-17: The driver activates the Autohold module while driving, but the 'Enable AH' command is not provided.
Next is the step of identifying loss scenarios. The loss scenario below is one that could arise from UCA-17. The green shading marks the analysis from the misuse or safety perspective of STPA, while the yellow shading marks the results from the security perspective of the STPA-Sec analysis.
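To make the chain losses → UCAs → loss scenarios concrete, here is a small Python model of the bookkeeping behind the analysis above. It is an added example, not code from the original post or from any STPA tool; the four UCA prompt types are the standard STPA ones, but every identifier apart from L-5, "Enable AH" and UCA-17 (the loss descriptions for L-1 to L-4, the scenario ids LS-17a/LS-17b and their wording) is a constructed placeholder. The `check_traceability` function flags a scenario that points at no UCA, a UCA that points at no loss, and a UCA left without any scenario, which is the kind of gap that lets a security loss such as L-5 go unanalysed.

```python
"""Minimal STPA / STPA-Sec bookkeeping: losses -> UCAs -> loss scenarios.

Added example. Every id or description marked 'constructed' is a
placeholder and not taken from the post's analysis.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Tuple


class UCAType(Enum):
    """The four ways a control action can be unsafe in STPA."""
    NOT_PROVIDED = "not providing the control action causes a hazard"
    PROVIDED = "providing the control action causes a hazard"
    WRONG_TIMING = "provided too early, too late, or out of sequence"
    WRONG_DURATION = "stopped too soon or applied too long"


class Perspective(Enum):
    SAFETY = "safety"      # classic STPA: misuse, component failure
    SECURITY = "security"  # STPA-Sec: a deliberate, adversarial cause


@dataclass(frozen=True)
class Loss:
    id: str
    description: str


@dataclass(frozen=True)
class UCA:
    id: str
    control_action: str
    uca_type: UCAType
    context: str
    losses: Tuple[str, ...]  # ids of the losses this UCA can lead to


@dataclass(frozen=True)
class LossScenario:
    id: str
    uca_id: str
    perspective: Perspective
    description: str


_PROMPT = {
    UCAType.NOT_PROVIDED: "does not provide",
    UCAType.PROVIDED: "provides",
    UCAType.WRONG_TIMING: "provides at the wrong time",
    UCAType.WRONG_DURATION: "provides for the wrong duration",
}


def uca_templates(control_action: str, controller: str, controlled: str) -> Dict[UCAType, str]:
    """Return the four UCA prompts an analyst fills in for one control action."""
    return {
        t: f"{controller} {_PROMPT[t]} '{control_action}' to {controlled} when ... ({t.value})"
        for t in UCAType
    }


def check_traceability(losses: List[Loss], ucas: List[UCA],
                       scenarios: List[LossScenario]) -> List[str]:
    """Return a list of traceability problems; an empty list means the model is consistent."""
    loss_ids = {l.id for l in losses}
    uca_ids = {u.id for u in ucas}
    problems: List[str] = []
    for u in ucas:
        if not u.losses:
            problems.append(f"{u.id} is linked to no loss")
        for lid in u.losses:
            if lid not in loss_ids:
                problems.append(f"{u.id} references unknown loss {lid}")
    for s in scenarios:
        if s.uca_id not in uca_ids:
            problems.append(f"{s.id} references unknown UCA {s.uca_id}")
    covered = {s.uca_id for s in scenarios}
    for u in ucas:
        if u.id not in covered:
            problems.append(f"{u.id} has no loss scenario")
    return problems


def count_by_perspective(scenarios: List[LossScenario]) -> Dict[str, int]:
    """How many scenarios came from the safety view versus the STPA-Sec view."""
    counts = {p.value: 0 for p in Perspective}
    for s in scenarios:
        counts[s.perspective.value] += 1
    return counts


# Constructed sample data. L-5 and UCA-17 follow the post; the rest is placeholder.
LOSSES = [
    Loss("L-1", "constructed placeholder for a safety-related loss"),
    Loss("L-2", "constructed placeholder for a safety-related loss"),
    Loss("L-3", "constructed placeholder for a safety-related loss"),
    Loss("L-4", "constructed placeholder for a safety-related loss"),
    Loss("L-5", "exposure of the user's personal information"),  # security loss added for STPA-Sec
]
UCAS = [
    UCA("UCA-17", "Enable AH", UCAType.NOT_PROVIDED,
        "driver activates the Autohold module while driving", ("L-1",)),  # loss link constructed
]
SCENARIOS = [
    LossScenario("LS-17a", "UCA-17", Perspective.SAFETY,
                 "constructed: the Autohold switch contact fails, so no 'Enable AH' reaches the module"),
    LossScenario("LS-17b", "UCA-17", Perspective.SECURITY,
                 "constructed: the 'Enable AH' message is blocked by a compromised node on the vehicle network"),
]

if __name__ == "__main__":
    for prompt in uca_templates("Enable AH", "Driver", "Autohold Module").values():
        print(prompt)
    print("problems:", check_traceability(LOSSES, UCAS, SCENARIOS))
    print("scenarios by perspective:", count_by_perspective(SCENARIOS))
```

Running the module prints the four UCA prompts for "Enable AH", an empty problem list for the sample data, and one scenario per perspective; adding a scenario that names a UCA not in the model, or a UCA with no scenario, shows up in the problem list.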
It's a simple example, but through STPA analysis, we were able to perform both safety and security analyses of the target system.