STAMP-based Approach to Analyze Safety, Security and Data Privacy

Cited by: 5
Authors
de Souza, Nivio Paula [1 ]
Castro Cesar, Cecilia de Azevedo [1 ]
Bezerra, Juliana de Melo [1 ]
Hirata, Celso Massaki [1 ]
Affiliation
[1] Inst Tecnol Aeronaut, Dept Comp Sci, Sao Jose Dos Campos, Brazil
Source
2019 9th Latin-American Symposium on Dependable Computing (LADC) | 2019
Keywords
STAMP; STPA; safety; security; privacy
DOI
10.1109/ladc48089.2019.8995717
Chinese Library Classification
TP39 [Computer applications]
Discipline classification codes
081203; 0835
Abstract
Security has been of paramount importance to organizations, since its lack can result in financial and reputational losses. Privacy is gaining attention because of the increasing legal protection of the right to data privacy. Because of their complexity, in terms of technology, sociology and law, assuring both security and privacy is a major challenge in the development of cyber-physical systems. In general, both security and privacy concerns are addressed by security countermeasures. There is no approach that employs the systems theory model to jointly identify and analyze security and privacy issues. STAMP is a causation model, based on systems theory, that allows analyzing emergent properties in the concept stage of system development. STPA is the tool based on STAMP to analyze safety; more recently, STPA has also been employed to analyze security. In this work, we propose an approach based on STAMP to analyze safety, security and privacy concerns jointly for cyber-physical systems. The approach uses attributes and threats of security and privacy to identify losses and hazards. We employ the approach in an example of electronic voting system development and show that the approach is effective in identifying hazardous control actions.
Pages: 181 / 190
Page count: 10