WebSTAMP: a Web Application for STPA & STPA-Sec

Abstract

STAMP (System-Theoretic Accident Model and Processes) techniques such as STPA (System- Theoretic Process Analysis) and STPA-Sec (STPA for Security) have been applied only in an adhoc manner, without the aid of tools. More recently, tools have been proposed to help the application of STPA and STPA-Sec. Most of the tools focus on user experience issues and do not cover all the aspects of STPA and STPA-Sec. Three aspects of tools are systematization, automation and analysis completeness. Systematization allows the analysis to be performed in a more disciplined way while automation allows a more time efficient analysis. Analysis’ completeness is the analysis coverage in a given domain. We identify the essential requirements supporting business and stakeholders' needs for a STAMP based tool. We propose a STAMPcompliant web application, named WebSTAMP, for STPA and STPA-Sec. WebSTAMP is intended to aid analysts throughout the analysis process in a more automated and comprehensive way, and it aims to be a collaborative tool. We illustrate how the requirements are implemented in the current version of WebSTAMP with an example of use. The results show that WebSTAMP assists analysts to conduct safety and security analyses in a more systematic, automated and comprehensive manner.