Security and Communication Networks

Research Article

A Systematic Approach for Cybersecurity Design of In-Vehicle Network Systems with Trade-Off Considerations

Co-analysis method list.


Name	Brief introduction	Gaps in co-analysis

FMVEA [28]	Failure mode, vulnerabilities, and effect analysis, a method of safety and security cause-effect analysis by using templates from the FMEA method	No interaction concerns
CHASSIS [29]	Combined harm assessment of safety and security, a systematic method for information system to analyze safety and security interactively by using HAZOP guidewords	No conflicts analysis between safety and security
SAHARA [30]	Security-aware hazard analysis and risk assessment, a method to perform security-aware identification of safety hazards and analyze impacts of security issues on safety aspects based on the STRIDE threat model	No conflicts analysis between safety and security
STPA-sec [7]	An extension of STPA for security, a method to identify losses, security vulnerabilities, and insecure control actions, in which steps are identical to the ones in STPA and can be executed in parallel	No discussion about the dependencies between both safety and security
STPA-SafeSec [31]	An optimized method of STPA-Sec, which integrates STPA and STPA-Sec into one concise framework and detects interdependencies between safety and security constraints	Only considers safety and security aspects, no UX concerns
BDMP-based method [32]	A BDMP-based method, which allows graphical modelling and advanced characterization of safety and security interdependencies	Only considers safety and security aspects, no UX concerns