Assessment of safety and security of system architectures for cyberphysical systems

Cyberphysical systems (CPS) are an integral part of modern societies since most of the critical infrastructure is controlled by these systems. CPS incorporate computer-based and network-based technologies for monitoring and control of physical processes. Two critically important properties of CPS are safety and security. It is widely accepted that properties such as safety and security need to be considered at the system design phase itself, especially at the architectural level wherein such properties are embedded in the final system. However, safety and security are inter-related and there seems to be a lack of techniques that consider both of them together. The NFR Approach, where NFR stands for Non-Functional Requirements, is a technique that allows simultaneous evaluation of both safety and security at the architectural level. In this paper we apply the NFR Approach to evaluate safety and security properties of an example CPS, namely, an oil-pipeline control system. We conclude that NFR Approach provides practical results that can be used by designers and developers to create safe and secure CPS.