Formal analysis of safety and security requirements of critical systems supported by an extended STPA methodology

Cyber-physical systems represent an engineering challenge due to their safety and security concerns, particularly those systems involved in critical infrastructure which require some of the highest standards of safety, availability, integrity and security. The complexity of these systems makes the identification and analysis of safety and security requirements challenging. In this paper, we present a methodology for identifying and formally analysing safety and security requirements, based on the STPA methodology and combined with modelling, traceability and formal verification through use of the Event-B formal method. Our STPA approach is then leveraged to generate 'critical requirements' to mitigate against undesirable system states, which are subsequently translated into constraints on an Event-B representation of the system. The Rodin toolset allows us to demonstrate that these critical requirements fully mitigate against the undesirable system states and therefore provide automated verification of the critical requirements.