Quantitative Assessment of Safety and Security of System Architectures for Cyberphysical Systems Using the NFR Approach

Cyberphysical systems (CPSs) are an integral part of modern societies since most critical infrastructures are controlled by these systems. CPSs incorporate computer-based and network-based technologies for the monitoring and control of physical processes. Two critically important properties of CPSs are safety and security. It is widely accepted that properties such as safety and security should be considered at the system design phase itself, particularly at the architectural level wherein such properties are embedded in the final system. However, safety and security are interrelated, and there seems to be a lack of techniques that consider both of them together. The nonfunctional requirement (NFR) approach is a technique that allows the simultaneous evaluation of both safety and security at the architectural level. In this paper, we apply the NFR approach to quantitatively evaluate the safety and security properties of an example CPS, i.e., an oil pipeline control system. We conclude that the NFR approach provides practical results that can be used by designers and developers to create safe and secure CPSs.