Approach for Enabling Security Across PLC Phases: An Industrial Use Case

Abstract

Security and safety aspects are tightly related between them, and they are two major issues to be tackle during the development of any system, especially safety critical systems. In fact, these systems are framed in highly regulated domains and they involve a huge set of standards which have been focused on safety related issues. However, security issues have been playing a key role until now. In the context of medical devices, the U.S. Food and Drug Administration and The National Institute of Standards and Technology have published special considerations in this sense. This paper extends the assurance cases approach and integrates security aspects. A tool chain is outlined for linking assurance cases and a source code vulnerability analysis tool. This approach is illustrated with an industrial use case.