{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,2]],"date-time":"2026-06-02T01:48:20Z","timestamp":1780364900458,"version":"3.54.1"},"reference-count":46,"publisher":"Association for Computing Machinery (ACM)","issue":"3","license":[{"start":{"date-parts":[[2023,7,13]],"date-time":"2023-07-13T00:00:00Z","timestamp":1689206400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"CY Initiative d\u2019Excellence and Airbus Protect"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Cyber-Phys. Syst."],"published-print":{"date-parts":[[2023,7,31]]},"abstract":"<jats:p>Discrete event systems are increasingly used as a modeling tool to assess safety and cybersecurity of complex systems. In both cases, the analysis relies on the extraction of critical sequences. This approach proves to be very powerful. It suffers, however, from the combinatorial explosion of the number of sequences to look at. To push the limits of what is feasible with reasonable computational resources, extraction algorithms use cutoffs and minimality criteria.<\/jats:p>\n          <jats:p>In this article, we review the principles of extraction algorithms, and we show that there are important differences between critical sequences extracted in the context of safety analyses and those extracted in the context of cybersecurity analyses. Based on this thorough comparison, we introduce a new cutoff criterion, so-called footprint, that aims at capturing the willfulness of an intruder performing a cyberattack. We illustrate our presentation by means of three case studies, one focused on the analysis of failures and two focused on the analysis of cyberattacks and their effects on safety. We show experimentally the interest of the footprint criterion.<\/jats:p>","DOI":"10.1145\/3593811","type":"journal-article","created":{"date-parts":[[2023,5,2]],"date-time":"2023-05-02T12:36:07Z","timestamp":1683030967000},"page":"1-20","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["Minimal Critical Sequences in Model-based Safety and Security Analyses: Commonalities and Differences"],"prefix":"10.1145","volume":"7","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-0384-444X","authenticated-orcid":false,"given":"Th\u00e9o","family":"Serru","sequence":"first","affiliation":[{"name":"ETIS laboratory\u2013UMR8051, France and Airbus Protect, France"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3273-8272","authenticated-orcid":false,"given":"Nga","family":"Nguyen","sequence":"additional","affiliation":[{"name":"L\u00e9onard de Vinci P\u00f4le Universitaire, Research Center, France"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5269-994X","authenticated-orcid":false,"given":"Michel","family":"Batteux","sequence":"additional","affiliation":[{"name":"IRT SystemX, France"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0926-5286","authenticated-orcid":false,"given":"Antoine","family":"Rauzy","sequence":"additional","affiliation":[{"name":"Norvegian University of Science and Technology, Norway"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2023,7,13]]},"reference":[{"key":"e_1_3_1_2_2","volume-title":"Principles of Model-Checking","author":"Baier Christel","year":"2008","unstructured":"Christel Baier and Joost-Pieter Katoen. 2008. Principles of Model-Checking. MIT Press, Cambridge, MA."},{"key":"e_1_3_1_3_2","doi-asserted-by":"publisher","DOI":"10.1504\/IJCCBS.2019.098809"},{"key":"e_1_3_1_4_2","first-page":"2246","volume-title":"Proceedings of the 32nd European Safety and Reliability Conference (ESREL\u201922)","author":"Batteux Michel","year":"2022","unstructured":"Michel Batteux, Tatiana Prosvirnova, and Antoine Rauzy. 2022. A guided tour of AltaRica wizard, the AltaRica 3.0 integrated modeling environment. In Proceedings of the 32nd European Safety and Reliability Conference (ESREL\u201922), Maria Chiara Leva, Edoardo Patelli, Luca Podofillini, and Simon Wilson (Eds.). 2246\u20132253. Retrieved from https:\/\/www.rpsonline.com.sg\/proceedings\/esrel2022\/html\/S09-09-308.xml."},{"key":"e_1_3_1_5_2","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2006.101"},{"key":"e_1_3_1_6_2","doi-asserted-by":"publisher","DOI":"10.1016\/S0065-2458(03)58003-2"},{"key":"e_1_3_1_7_2","volume-title":"Systems Engineering and Analysis","author":"Blanchard Benjamin S.","year":"2008","unstructured":"Benjamin S. Blanchard and Wolter J. Fabrycky. 2008. Systems Engineering and Analysis. Pearson, Upper Saddle River, NJ."},{"key":"e_1_3_1_8_2","doi-asserted-by":"publisher","DOI":"10.1109\/RAMS.2002.981616"},{"key":"e_1_3_1_9_2","volume-title":"Integrating Fault Tree Analysis with Event Ordering Information","author":"Bozzano Marco","year":"2003","unstructured":"Marco Bozzano and Adolfo Villafiorita. 2003. Integrating Fault Tree Analysis with Event Ordering Information. Technical Report. Centro per la Ricerca Scientifica e Tecnologica. Retrieved from https:\/\/es-static.fbk.eu\/tools\/FSAP\/dissemination\/papers\/esrel-irst03.pdf."},{"key":"e_1_3_1_10_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.ress.2015.02.009"},{"key":"e_1_3_1_11_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-85172-9_24"},{"key":"e_1_3_1_12_2","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-44577-3_12"},{"key":"e_1_3_1_13_2","volume-title":"Model Checking","author":"Clarke Edmund M.","year":"2018","unstructured":"Edmund M. Clarke, Orna Grumberg, Daniel Kroening, Doron Peled, and Helmut Veith. 2018. Model Checking (2nd ed.). MIT Press, Cambridge, MA."},{"key":"e_1_3_1_14_2","doi-asserted-by":"publisher","DOI":"10.1109\/24.488924"},{"key":"e_1_3_1_15_2","unstructured":"Department of Computer Science University of Oxford. 2022. PRISM\u2014Probabilistic Symbolic Model Checker. Retrieved from http:\/\/www.prismmodelchecker.org\/."},{"key":"e_1_3_1_16_2","unstructured":"EVITA Project. 2011. EVITA: E-safety vehicle intrusion protected applications. Retrieved from https:\/\/www.evita-project.org\/."},{"key":"e_1_3_1_17_2","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-60761-7"},{"key":"e_1_3_1_18_2","volume-title":"Reliability Data for Safety Instrumented Systems","author":"Hauge Stein","year":"2010","unstructured":"Stein Hauge and Tor Onshus. 2010. Reliability Data for Safety Instrumented Systems. Sintef, Trondheim, Norway."},{"key":"e_1_3_1_19_2","unstructured":"UK Health and Safety Executive. 2017. Failure Rate and Event Data for use within Risk Assessments. Retrieved from https:\/\/www.hse.gov.uk\/landuseplanning\/failure-rates.pdf."},{"key":"e_1_3_1_20_2","volume-title":"Probabilistic Risk Assessment and Management for Engineers and Scientists","author":"Kumamoto Hiromitsu","year":"1996","unstructured":"Hiromitsu Kumamoto and Ernest J. Henley. 1996. Probabilistic Risk Assessment and Management for Engineers and Scientists. Wiley-IEEE Press, Piscataway, NJ. Retrieved from https:\/\/ieeexplore.ieee.org\/book\/5264399."},{"key":"e_1_3_1_21_2","volume-title":"The SPIN Model Checker: Primer and Reference Manual","author":"Holzmann Gerard J.","year":"2003","unstructured":"Gerard J. Holzmann. 2003. The SPIN Model Checker: Primer and Reference Manual. Addison Wesley, Boston, MA."},{"key":"e_1_3_1_22_2","volume-title":"Reliability and Risk Assessment","author":"Andrews John J.","year":"2002","unstructured":"John J. Andrews and Bob Moss. 2002. Reliability and Risk Assessment (2nd ed.). Retrieved from https:\/\/www.wiley.com\/en-ie\/Reliability+and+Risk+Assessment%2C+2nd+Edition-p-9781860582905."},{"key":"e_1_3_1_23_2","doi-asserted-by":"publisher","DOI":"10.1177\/1748006X18765885"},{"key":"e_1_3_1_24_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.ress.2015.02.008"},{"key":"e_1_3_1_25_2","doi-asserted-by":"publisher","DOI":"10.1023\/A:1011254632723"},{"key":"e_1_3_1_26_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-57685-5_3"},{"key":"e_1_3_1_27_2","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-44829-2_5"},{"key":"e_1_3_1_28_2","first-page":"4","volume-title":"Embeded Real Time Software and System conference","author":"Machin Mathilde","year":"2018","unstructured":"Mathilde Machin, Laurent Sagaspe, and Xavier de Bossoreille. 2018. SimfiaNeo, complex systems, yet simple safety. In Embeded Real Time Software and System conference. Toulouse, France, 4. Retrieved from https:\/\/www.erts2018.org\/uploads\/program\/ERTS_2018_paper_9.pdf."},{"key":"e_1_3_1_29_2","doi-asserted-by":"publisher","DOI":"10.1145\/288197.581193"},{"key":"e_1_3_1_30_2","doi-asserted-by":"publisher","DOI":"10.1142\/9789814261456_0001"},{"key":"e_1_3_1_31_2","doi-asserted-by":"publisher","DOI":"10.1145\/1179494.1179495"},{"key":"e_1_3_1_32_2","doi-asserted-by":"publisher","DOI":"10.5555\/530225"},{"key":"e_1_3_1_33_2","doi-asserted-by":"publisher","DOI":"10.1109\/JSYST.2019.2923818"},{"key":"e_1_3_1_34_2","doi-asserted-by":"publisher","DOI":"10.1145\/157485.164890"},{"key":"e_1_3_1_35_2","doi-asserted-by":"publisher","DOI":"10.1201\/9781315374987-227"},{"key":"e_1_3_1_36_2","doi-asserted-by":"publisher","DOI":"10.1504\/IJCCBS.2015.068852"},{"key":"e_1_3_1_37_2","doi-asserted-by":"publisher","DOI":"10.1243\/1748006XJRR177"},{"key":"e_1_3_1_38_2","volume-title":"Probabilistic Safety Analysis with XFTA","author":"Rauzy Antoine","year":"2020","unstructured":"Antoine Rauzy. 2020. Probabilistic Safety Analysis with XFTA. AltaRica Association. Retrieved from http:\/\/www.altarica-association.org\/members\/arauzy\/Publications\/pdf\/Rauzy2020-XFTABook.pdf."},{"key":"e_1_3_1_39_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.ress.2011.02.005"},{"key":"e_1_3_1_40_2","volume-title":"Security Requirements for Automotive on-board Networks based on Dark-side Scenarios, Deliverable D2.3","author":"Ruddle Alastair","year":"2010","unstructured":"Alastair Ruddle, David Ward, Benjamin Weyl, Muhammad Sabir Idrees, Yves Roudier, Michael Friedewald, Timo Leimbach, Andreas Fuchs, Sigi Gurgens, Olaf Henniger, Rieke Roland, Matthias Ritscher, Henrik Broberg, Ludovic Apvrille, Renaud Pacalet, and Gabriel Pedroza. 2010. Security Requirements for Automotive on-board Networks based on Dark-side Scenarios, Deliverable D2.3. Contract EVITA. Telecom ParisTech. Retrieved from https:\/\/hal.telecom-paris.fr\/hal-02286288."},{"key":"e_1_3_1_41_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cosrev.2015.03.001"},{"key":"e_1_3_1_42_2","doi-asserted-by":"publisher","DOI":"10.3390\/electronics12010077"},{"key":"e_1_3_1_43_2","first-page":"8","volume-title":"Proceedings of the Congr\u00e8s Lambda Mu 23 \u201cInnovations et ma\u00eetrise des risques pour un avenir durable\u201d\u201423e Congr\u00e8s de Ma\u00eetrise des Risques et de S\u00fbret\u00e9 de Fonctionnement, Institut pour la Ma\u00eetrise des Risques","author":"Serru Th\u00e9o","year":"2022","unstructured":"Th\u00e9o Serru, Nga Nguyen, Michel Batteux, Antoine Rauzy, Raphael Blaize, Laurent Sagaspe, and Emmanuel Arbaretier. 2022. Generation of cyberattacks leading to safety top event using AltaRica: An automotive case study. In Proceedings of the Congr\u00e8s Lambda Mu 23 \u201cInnovations et ma\u00eetrise des risques pour un avenir durable\u201d\u201423e Congr\u00e8s de Ma\u00eetrise des Risques et de S\u00fbret\u00e9 de Fonctionnement, Institut pour la Ma\u00eetrise des Risques. 8. Retrieved from https:\/\/hal.archives-ouvertes.fr\/hal-03814648."},{"key":"e_1_3_1_44_2","doi-asserted-by":"publisher","DOI":"10.1109\/RAMS.2004.1285449"},{"key":"e_1_3_1_45_2","doi-asserted-by":"publisher","DOI":"10.1109\/SaCoNeT.2018.8585452"},{"key":"e_1_3_1_46_2","first-page":"572","volume-title":"Proceedings of the 14th National Computer Security Conference","volume":"249","author":"Weiss J. D.","year":"1991","unstructured":"J. D. Weiss. 1991. A system security engineering process. In Proceedings of the 14th National Computer Security Conference, Vol. 249. 572\u2013581."},{"key":"e_1_3_1_47_2","unstructured":"Martyn Wingrove. 2018. \u201cImpregnable\u201d radar breached in simulated cyber attack. Retrieved from https:\/\/www.rivieramm.com\/news-content-hub\/news-content-hub\/impregnable-radar-breached-in-simulated-cyber-attack-25158."}],"container-title":["ACM Transactions on Cyber-Physical Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3593811","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3593811","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:47:50Z","timestamp":1750178870000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3593811"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,7,13]]},"references-count":46,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2023,7,31]]}},"alternative-id":["10.1145\/3593811"],"URL":"https:\/\/doi.org\/10.1145\/3593811","relation":{},"ISSN":["2378-962X","2378-9638"],"issn-type":[{"value":"2378-962X","type":"print"},{"value":"2378-9638","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,7,13]]},"assertion":[{"value":"2022-07-29","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2023-04-11","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2023-07-13","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}