{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,18]],"date-time":"2025-12-18T09:28:52Z","timestamp":1766050132402,"version":"3.41.0"},"reference-count":34,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2023,1,31]],"date-time":"2023-01-31T00:00:00Z","timestamp":1675123200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"European Union\u2019s Horizon 2020 research and innovation programme","award":["830892"],"award-info":[{"award-number":["830892"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Cyber-Phys. Syst."],"published-print":{"date-parts":[[2023,1,31]]},"abstract":"<jats:p>During the design of safety-critical systems, safety and security engineers make use of architecture patterns, such as Watchdog and Firewall, to address identified failures and threats. Often, however, the deployment of safety architecture patterns has consequences on security; e.g., the deployment of a safety architecture pattern may lead to new threats. The other way around may also be possible; i.e., the deployment of a security architecture pattern may lead to new failures. Safety and security co-design is, therefore, required to understand such consequences and tradeoffs in order to reach appropriate system designs. Currently, architecture pattern descriptions, including their consequences, are described using natural language. Therefore, their deployment in system design is carried out manually by experts and thus is time-consuming and prone to human error, especially given the high system complexity. We propose the use of semantically rich architecture patterns to enable automated support for safety and security co-design by using Knowledge Representation and Reasoning (KRR) methods. Based on our domain-specific language, we specify reasoning principles as logic specifications written as answer-set programs. KRR engines enable the automation of safety and security co-engineering activities, including the automated recommendation of which architecture patterns can address failures or threats, and consequences of deploying such patterns. We demonstrate our approach on an example taken from the ISO 21434 standard.<\/jats:p>","DOI":"10.1145\/3565269","type":"journal-article","created":{"date-parts":[[2022,9,29]],"date-time":"2022-09-29T11:44:34Z","timestamp":1664451874000},"page":"1-28","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":9,"title":["Automating Safety and Security Co-design through Semantically Rich Architecture Patterns"],"prefix":"10.1145","volume":"7","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0298-2805","authenticated-orcid":false,"given":"Yuri Gil","family":"Dantas","sequence":"first","affiliation":[{"name":"fortiss GmbH, Munich, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4089-1218","authenticated-orcid":false,"given":"Vivek","family":"Nigam","sequence":"additional","affiliation":[{"name":"Federal University of Para\u00edba, Brazil, and Huawei Technologies D\u00fcsseldorf GmbH, D\u00fcsseldorf, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2023,2,22]]},"reference":[{"key":"e_1_3_2_2_2","volume-title":"Design Patterns for Safety-critical Embedded Systems","author":"Armoush Ashraf","year":"2010","unstructured":"Ashraf Armoush. 2010. Design Patterns for Safety-critical Embedded Systems. Ph.D. Dissertation. RWTH Aachen University."},{"key":"e_1_3_2_3_2","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2004.2"},{"key":"e_1_3_2_4_2","doi-asserted-by":"publisher","DOI":"10.5555\/1875218"},{"key":"e_1_3_2_5_2","doi-asserted-by":"publisher","DOI":"10.3233\/SAT190075"},{"key":"e_1_3_2_6_2","doi-asserted-by":"publisher","DOI":"10.1109\/MODELS-C.2019.00014"},{"key":"e_1_3_2_7_2","volume-title":"ICLP","author":"Dantas Yuri Gil","year":"2020","unstructured":"Yuri Gil Dantas, Antoaneta Kondeva, and Vivek Nigam. 2020. Less manual work for safety engineers: Towards an automated safety reasoning with safety patterns. In ICLP."},{"key":"e_1_3_2_8_2","doi-asserted-by":"publisher","DOI":"10.5220\/0010831700003119"},{"key":"e_1_3_2_9_2","unstructured":"Yuri Gil Dantas and Vivek Nigam. 2021. https:\/\/github.com\/ygdantas\/safsecpat."},{"key":"e_1_3_2_10_2","article-title":"Security engineering for ISO 21434","volume":"2012","author":"Dantas Yuri Gil","year":"2020","unstructured":"Yuri Gil Dantas, Vivek Nigam, and Harald Ruess. 2020. Security engineering for ISO 21434. CoRR abs\/2012.15080 (2020). arxiv:2012.15080","journal-title":"CoRR"},{"key":"e_1_3_2_11_2","volume-title":"IEEE Vehicular Networking Conference (VNC\u201920)","author":"Dantas Yuri Gil","year":"2020","unstructured":"Yuri Gil Dantas, Vivek Nigam, and Carolyn Talcott. 2020. A formal security assessment framework for cooperative adaptive cruise control. In IEEE Vehicular Networking Conference (VNC\u201920)."},{"key":"e_1_3_2_12_2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"283","DOI":"10.1007\/978-3-319-24255-2_21","volume-title":"SAFECOMP","author":"Delmas Kevin","year":"2015","unstructured":"Kevin Delmas, R\u00e9mi Delmas, and Claire Pagetti. 2015. Automatic architecture hardening using safety patterns. In SAFECOMP(Lecture Notes in Computer Science, Vol. 9337). Springer, 283\u2013296."},{"key":"e_1_3_2_13_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.1983.1056650"},{"key":"e_1_3_2_14_2","volume-title":"SAFECOMP","author":"Duerrwang Juergen","year":"2017","unstructured":"Juergen Duerrwang, Kristian Beckers, and Reiner Kriesten. 2017. A lightweight threat analysis approach intertwining safety and security for the automotive domain. In SAFECOMP."},{"issue":"2","key":"e_1_3_2_15_2","doi-asserted-by":"crossref","first-page":"91","DOI":"10.4271\/11-01-02-0005","article-title":"Enhancement of automotive penetration testing with threat analyses results.","volume":"1","author":"Duerrwang J.","year":"2018","unstructured":"J. Duerrwang, M. Braun, , R. Kriesten, and A. Pretschner. 2018. Enhancement of automotive penetration testing with threat analyses results. SAE Intl. J. of Transportation Cybersecurity and Privacy 1, 2 (2018), 91\u2013112.","journal-title":"SAE Intl. J. of Transportation Cybersecurity and Privacy"},{"key":"e_1_3_2_16_2","volume-title":"AutoFOCUS 2.19","author":"GmbH fortiss","year":"2020","unstructured":"fortiss GmbH. 2020. AutoFOCUS 2.19. https:\/\/www.fortiss.org\/en\/publications\/software\/autofocus-3."},{"key":"e_1_3_2_17_2","series-title":"Lecture Notes in Computer Science","first-page":"148","volume-title":"FAST","author":"Gay Richard","year":"2011","unstructured":"Richard Gay, Heiko Mantel, and Barbara Sprick. 2011. Service automata. In FAST(Lecture Notes in Computer Science, Vol. 7140), Gilles Barthe, Anupam Datta, and Sandro Etalle (Eds.). Springer, 148\u2013163."},{"key":"e_1_3_2_18_2","volume-title":"ICLP","author":"Gelfond Michael","year":"1990","unstructured":"Michael Gelfond and Vladimir Lifschitz. 1990. Logic programs with classical negation. In ICLP."},{"key":"e_1_3_2_19_2","doi-asserted-by":"publisher","DOI":"10.1109\/DASC.2001.963314"},{"key":"e_1_3_2_20_2","unstructured":"ISO26262. 2018. ISO 26262 road vehicles - functional safety - Part 6: Product development: Software level. Available at https:\/\/www.iso.org\/standard\/43464.html."},{"key":"e_1_3_2_21_2","unstructured":"ISO\/SAE AWI 21434. 2020. Road vehicles - cybersecurity engineering."},{"key":"e_1_3_2_22_2","doi-asserted-by":"publisher","DOI":"10.1145\/581339.581406"},{"key":"e_1_3_2_23_2","volume-title":"WoSoCer","author":"Kondeva Antoaneta","year":"2019","unstructured":"Antoaneta Kondeva, Carmen Carlan, Harald Ruess, and Vivek Nigam. 2019. On computer-aided techniques for supporting safety and security co-engineering. In WoSoCer."},{"key":"e_1_3_2_24_2","first-page":"64","article-title":"The DLV system for knowledge representation and reasoning","volume":"7","author":"Leone Nicola","year":"2006","unstructured":"Nicola Leone, Gerald Pfeifer, Wolfgang Faber, Thomas Eiter, Georg Gottlob, Simona Perri, and Francesco Scarcello. 2006. The DLV system for knowledge representation and reasoning. ACM Trans. Comput. Logic 7 (2006), 64 pages.","journal-title":"ACM Trans. Comput. Logic"},{"key":"e_1_3_2_25_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.ress.2019.106773"},{"key":"e_1_3_2_26_2","unstructured":"MIL-STD-2165. 1985. Military Standard Testability Program for Electronic Systems and Equipments."},{"key":"e_1_3_2_27_2","volume-title":"ESORICS","author":"Pedroza Gabriel","year":"2018","unstructured":"Gabriel Pedroza. 2018. Towards safety and security co-engineering - Challenging aspects for a consistent intertwining. In ESORICS."},{"key":"e_1_3_2_28_2","doi-asserted-by":"crossref","DOI":"10.1016\/j.ress.2012.09.011","article-title":"Cross-fertilization between safety and security engineering","author":"Pietre-Cambacedes Ludovic","year":"2013","unstructured":"Ludovic Pietre-Cambacedes and Marc Bouissou. 2013. Cross-fertilization between safety and security engineering. Reliab. Eng. Syst. Saf. (2013).","journal-title":"Reliab. Eng. Syst. Saf."},{"key":"e_1_3_2_29_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.csi.2017.09.006"},{"key":"e_1_3_2_30_2","unstructured":"Christopher Preschern Nermin Kajtazovic and Christian Kreiner. 2013. Security analysis of safety patterns. InPLoP."},{"key":"e_1_3_2_31_2","volume-title":"SAFECOMP 2019 Workshops","author":"Sadany Magdy El","year":"2019","unstructured":"Magdy El Sadany, Christoph Schmittner, and Wolfgang Kastner. 2019. Assuring compliance with protection profiles with threatget. In SAFECOMP 2019 Workshops."},{"key":"e_1_3_2_32_2","volume-title":"Threat Modeling: Designing for Security","author":"Shostack Adam","year":"2014","unstructured":"Adam Shostack. 2014. Threat Modeling: Designing for Security. Wiley."},{"key":"e_1_3_2_33_2","volume-title":"SAFECOMP 2018 Workshops","author":"Skoglund Martin A.","year":"2018","unstructured":"Martin A. Skoglund, Fredrik Warg, and Behrooz Sangchoolie. 2018. In search of synergies in a multi-concern development lifecycle: Safety and cybersecurity. In SAFECOMP 2018 Workshops. Springer."},{"key":"e_1_3_2_34_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.sysarc.2020.101765"},{"key":"e_1_3_2_35_2","unstructured":"Wired. 2015. Hackers Remotely Kill a Jeep on the Highway-With Me in It. https:\/\/www.wired.com\/2015\/07\/hackers-remotely-kill-jeep-highway\/."}],"container-title":["ACM Transactions on Cyber-Physical Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3565269","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3565269","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:37:43Z","timestamp":1750178263000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3565269"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,1,31]]},"references-count":34,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2023,1,31]]}},"alternative-id":["10.1145\/3565269"],"URL":"https:\/\/doi.org\/10.1145\/3565269","relation":{},"ISSN":["2378-962X","2378-9638"],"issn-type":[{"type":"print","value":"2378-962X"},{"type":"electronic","value":"2378-9638"}],"subject":[],"published":{"date-parts":[[2023,1,31]]},"assertion":[{"value":"2021-07-16","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2022-09-14","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2023-02-22","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}