Lecture Notes in Computer Science 10489 - Springer978-3-319-66284-8/1.pdf · Lecture Notes in Computer Science 10489 Commenced Publication in 1973 Founding and Former Series Editors:
Lecture Notes in Computer Science 10489

Commenced Publication in 1973
Founding and Former Series Editors:
Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen

Editorial Board

David Hutchison
Lancaster University, Lancaster, UK

Takeo Kanade
Carnegie Mellon University, Pittsburgh, PA, USA

Josef Kittler
University of Surrey, Guildford, UK

Jon M. Kleinberg
Cornell University, Ithaca, NY, USA

Friedemann Mattern
ETH Zurich, Zurich, Switzerland

John C. Mitchell
Stanford University, Stanford, CA, USA

Moni Naor
Weizmann Institute of Science, Rehovot, Israel

C. Pandu Rangan
Indian Institute of Technology, Madras, India

Bernhard Steffen
TU Dortmund University, Dortmund, Germany

Demetri Terzopoulos
University of California, Los Angeles, CA, USA

Doug Tygar
University of California, Berkeley, CA, USA

Gerhard Weikum
Max Planck Institute for Informatics, Saarbrücken, Germany

More information about this series at http://www.springer.com/series/7408

Stefano Tonetta • Erwin Schoitsch • Friedemann Bitsch (Eds.)

Computer Safety, Reliability, and Security
SAFECOMP 2017 Workshops
ASSURE, DECSoS, SASSUR, TELERISE, and TIPS
Trento, Italy, September 12, 2017
Proceedings

Editors

Stefano Tonetta
Fondazione Bruno Kessler
Trento, Italy

Erwin Schoitsch
Austrian Institute of Technology GmbH AIT
Vienna, Austria

Friedemann Bitsch
Thales Deutschland GmbH
Ditzingen, Germany

ISSN 0302-9743 ISSN 1611-3349 (electronic)
Lecture Notes in Computer Science
ISBN 978-3-319-66283-1 ISBN 978-3-319-66284-8 (eBook)
DOI 10.1007/978-3-319-66284-8

Library of Congress Control Number: 2017952205

LNCS Sublibrary: SL2 – Programming and Software Engineering

© Springer International Publishing AG 2017

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.

The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Printed on acid-free paper

This Springer imprint is published by Springer Nature
The registered company is Springer International Publishing AG
The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland

Preface

For many years now, the SAFECOMP conference has had a successful add-on – the SAFECOMP workshop day, preceding the main conference. The SAFECOMP workshops have become particularly attractive since they started generating their own proceedings in the Springer LNCS series (Springer LNCS vol. 10489, the book in your hands; the main conference proceedings are LNCS 10488). This has meant adhering to Springer's standards, i.e., the respective International Program Committee of each workshop had to make sure that at least three independent reviewers reviewed the papers carefully. The selection criteria were different from those for the main conference since authors were encouraged to submit workshop papers, i.e., on work in progress and on potentially controversial topics. In total, 39 regular papers were accepted.

All five workshops (selected from six proposals) are sequels to earlier workshops, organized by well-known chairs and respected Program Committees, which shows continuity of their relevance to the scientific and industrial community that deals with safety, reliability, and security of computer (control) systems:

• ASSURE 2017 – 5th International Workshop on Assurance Cases for Software-Intensive Systems, chaired by Ewen Denney, Ibrahim Habli, Ganesh Pai, and Kenji Taguchi (full day);

• DECSoS 2017 – 12th ERCIM/EWICS/ARTEMIS Workshop on Dependable Embedded and Cyber-physical Systems and Systems-of-Systems, chaired by Erwin Schoitsch and Amund Skavhaug (full day);

• SASSUR 2017 – 6th International Workshop on Next Generation of System Assurance Approaches for Safety-Critical Systems, chaired by Alejandra Ruiz, Jose Luis de la Vara, and Tim Kelly (full day);

• TIPS 2017 – 2nd International Workshop on Timing Performance in Safety Engineering, chaired by Chokri Mraidha, Laurent Rioux, Julio L. Medina, and Marc Geilen (half day);

• TELERISE 2017 – 3rd International Workshop on Technical and Legal Aspects of Data Privacy and Security, chaired by Ilaria Matteucci, Paolo Mori, and Marinella Petrocchi (full day; this workshop is new to the SAFECOMP conference series, although not the first one in its lifetime).

Similar to the SAFECOMP conference, the workshops provide a truly international platform for academia and industry.

It has been a pleasure to work with my general co-chair, Stefano Tonetta, my workshop co-chair Amund Skavhaug, and particularly with the publication chair Friedemann Bitsch, the workshop chairs, the workshop Program Committees, and the authors. Thank you all for your good cooperation and excellent work!

September 2017 Erwin Schoitsch

Organization

EWICS TC7 Chair

Francesca Saglietti University of Erlangen-Nuremberg, Germany

Conference Co-chairs

Stefano Tonetta FBK Fondazione Bruno Kessler, Italy
Erwin Schoitsch AIT Austrian Institute of Technology, Austria

Program Co-chairs

Erwin Schoitsch AIT Austrian Institute of Technology, Austria
Stefano Tonetta FBK Fondazione Bruno Kessler, Italy

Workshop Chair

Erwin Schoitsch AIT Austrian Institute of Technology, Austria

Publication Chair

Friedemann Bitsch Thales Deutschland GmbH, Germany

Local Organizing Committee

Annalisa Armani FBK Fondazione Bruno Kessler, Italy
Silvia Malesardi FBK Fondazione Bruno Kessler, Italy
Stefano Tonetta FBK Fondazione Bruno Kessler, Italy

Workshop Chairs

ASSURE 2017

Ewen Denney SGT/NASA Ames Research Center, USA
Ibrahim Habli University of York, UK
Ganesh Pai SGT/NASA Ames Research Center, USA
Kenji Taguchi AIST, Japan

DECSoS 2017

Erwin Schoitsch AIT Austrian Institute of Technology, Austria
Amund Skavhaug NTNU, Norway

SASSUR 2017

Alejandra Ruiz Lopez Tecnalia, Spain
Jose Luis de La Vara Carlos III University of Madrid, Spain
Huascar Espinoza ESI Tecnalia, Spain

TELERISE 2017

Ilaria Matteucci IIT-CNR, Italy
Paolo Mori IIT-CNR, Italy
Marinella Petrocchi IIT-CNR, Italy

TIPS 2017

Laurent Rioux Thales R&T, France
Chokri Mraidha CEA List, France
Marc Geilen Eindhoven University of Technology, The Netherlands
Julio Medina Universidad de Cantabria, Spain

Supporting Institutions

European Workshop on Industrial Computer Systems Reliability, Safety and Security

Fondazione Bruno Kessler

Austrian Institute of Technology

Thales Deutschland GmbH

Lecture Notes in Computer Science (LNCS), Springer Science + Business Media

European Space Agency

Austrian Association for Research in IT

Austrian Computer Society

European Research Consortium for Informatics and Mathematics

ARTEMIS Industry Association

Electronic Components and Systems for European Leadership - Austria

German Computer Society

European Network of Clubs for Reliability and Safety of Software-Intensive Systems

IEEE SMC Technical Committee on Homeland Security (TCHS)

Associazione Italiana per l'Informatica e il Calcolo Automatico

Verband österreichischer Software Industrie – Austrian Software Industry Association

Contents

5th International Workshop on Assurance Cases for Software-Intensive Systems (ASSURE 2017)

Making the Case for Safety of Machine Learning in Highly Automated Driving (p. 5)
Simon Burton, Lydia Gauerhof, and Christian Heinzemann

A Thought Experiment on Evolution of Assurance Cases — from a Logical Aspect (p. 17)
Shuji Kinoshita and Yoshiki Kinoshita

Using an Assurance Case Framework to Develop Security Strategy and Policies (p. 27)
Robin Bloomfield, Peter Bishop, Eoin Butler, and Kate Netkachova

Uniform Model Interface for Assurance Case Integration with System Models (p. 39)
Andrzej Wardziński and Paul Jones

ExplicitCase: Integrated Model-Based Development of System and Safety Cases (p. 52)
Carmen Cârlan, Simon Barner, Alexander Diewald, Alexandros Tsalidis, and Sebastian Voss

D-Case Communicator: A Web Based GSN Editor for Multiple Stakeholders (p. 64)
Yutaka Matsuno

Towards Combined Safety and Security Constraints Analysis (p. 70)
Daniel Pereira, Celso Hirata, Rodrigo Pagliares, and Simin Nadjm-Tehrani

Attack Modeling for System Security Analysis (Position Paper) (p. 81)
Abdullah Altawairqi and Manuel Maarek

Reconciling Systems-Theoretic and Component-Centric Methods for Safety and Security Co-analysis (p. 87)
William G. Temple, Yue Wu, Binbin Chen, and Zbigniew Kalbarczyk

12th International ERCIM/EWICS/ARTEMIS Workshop on Dependable Smart Embedded Cyber-Physical Systems and Systems-of-Systems (DECSoS 2017)

Analysis of Potential Code Vulnerabilities Involving Overlapping Instructions (p. 103)
Loui Al Sardy, Tong Tang, Marc Spisländer, and Francesca Saglietti

Increasing Dependability in Safety Critical CPSs Using Reflective Statecharts (p. 114)
Miren Illarramendi, Leire Etxeberria, Xabier Elkorobarrutia, and Goiuria Sagardui

A Survey of Hardware Technologies for Mixed-Critical Integration Explored in the Project EMC2 (p. 127)
Haris Isakovic, Radu Grosu, Denise Ratasich, Jiri Kadlec, Zdenek Pohl, Steve Kerrison, Kyriakos Georgiou, Kerstin Eder, Norbert Druml, Lillian Tadros, Flemming Christensen, Emilie Wheatley, Bastian Farkas, Rolf Meyer, and Mladen Berekovic

Safe Implementation of Mixed-Criticality Applications in Multicore Platforms: A Model-Based Design Approach (p. 141)
Pasquale Antonante, Juan Valverde-Alcalá, Stylianos Basagiannis, and Marco Di Natale

GSN Support of Mixed-Criticality Systems Certification (p. 157)
Carlos-F. Nicolas, Fernando Eizaguirre, Asier Larrucea, Simon Barner, Franck Chauvel, Goiuria Sagardui, and Jon Perez

Concepts for Reliable Communication in a Software-Defined Network Architecture (p. 173)
Ferdinand von Tüllenburg and Thomas Pfeiffenberger

Combining Safety and Security Analysis for Industrial Collaborative Automation Systems (p. 187)
Sándor Plósz, Christoph Schmittner, and Pál Varga

Software Updates in Safety and Security Co-engineering (p. 199)
Imanol Mugarza, Jorge Parra, and Eduardo Jacob

Detailed Analysis of Security Evaluation of Automotive Systems Based on JASO TP15002 (p. 211)
Yasuyuki Kawanishi, Hideaki Nishihara, Daisuke Souma, and Hirotaka Yoshida

Systematic Composition of Services from Distributed Systems for Highly Dynamic Collaboration Processes (p. 225)
Sebastian Müller and Peter Liggesmeyer

Safety Assurance for Autonomous and Collaborative Medical Cyber-Physical Systems (p. 237)
Fabio L. Leite Jr., Rasmus Adler, and Patrik Feth

Safety-Aware Control of Swarms of Drones (p. 249)
Amin Majd, Elena Troubitsyna, and Masoud Daneshtalab

6th International Workshop on Next Generation of System Assurance Approaches for Safety-Critical Systems (SASSUR 2017)

Representation of Safety Standards with Semantic Technologies Used in Industrial Environments (p. 265)
Jose Luis de la Vara, Álvaro Gómez, Elena Gallego, Gonzalo Génova, and Anabel Fraga

Automotive SPICE, Safety and Cybersecurity Integration (p. 273)
Georg Macher, Alexander Much, Andreas Riel, Richard Messnarz, and Christian Kreiner

Safety and Security Co-engineering and Argumentation Framework (p. 286)
Helmut Martin, Robert Bramberger, Christoph Schmittner, Zhendong Ma, Thomas Gruber, Alejandra Ruiz, and Georg Macher

Process Assessment in Supplier Selection for Safety-Critical Systems in Nuclear Domain (p. 298)
Timo Varkoi and Risto Nevalainen

A Runtime Risk Assessment Concept for Safe Reconfiguration in Open Adaptive Systems (p. 309)
Nikita Bhardwaj and Peter Liggesmeyer

Assuring Degradation Cascades of Car Platoons via Contracts (p. 317)
Irfan Sljivo, Barbara Gallina, and Bernhard Kaiser

3rd International Workshop on TEchnical and LEgal Aspects of Data pRIvacy and SEcurity (TELERISE 2017)

Transparent Personal Data Processing: The Road Ahead (p. 337)
Piero Bonatti, Sabrina Kirrane, Axel Polleres, and Rigo Wenning

The Use of Data Protection Regulatory Actions as a Data Source for Privacy Economics (p. 350)
Aaron Ceross and Andrew Simpson

Automated Legal Compliance Checking by Security Policy Analysis (p. 361)
Silvio Ranise and Hari Siswantoro

Access Control Policy Coverage Assessment Through Monitoring (p. 373)
Antonello Calabrò, Francesca Lonetti, and Eda Marchetti

Try Walking in My Shoes, if You Can: Accurate Gait Recognition Through Deep Learning (p. 384)
Giacomo Giorgi, Fabio Martinelli, Andrea Saracino, and Mina Sheikhalishahi

Security Flows in OAuth 2.0 Framework: A Case Study (p. 396)
Marios Argyriou, Nicola Dragoni, and Angelo Spognardi

PolEnA: Enforcing Fine-grained Permission Policies in Android (p. 407)
Gabriele Costa, Federico Sinigaglia, and Roberto Carbone

Fast Estimation of Privacy Risk in Human Mobility Data (p. 415)
Roberto Pellungrini, Luca Pappalardo, Francesca Pratesi, and Anna Monreale

Security and Privacy in the Automotive Domain: A Technical and Social Analysis (p. 427)
Zhendong Ma, Walter Seböck, Bettina Pospisil, Christoph Schmittner, and Thomas Gruber

One Click Privacy for Online Social Networks (p. 435)
Philipp Hehnle, Pascal Keilbach, Hyun-Jin Lee, Sabrina Lejn, Daniel Steidinger, Marina Weinbrenner, and Hanno Langweg

2nd International Workshop on Timing Performance in Safety Engineering (TIPS 2017)

Modeling Rover Communication Using Hierarchical State Machines with Scala (p. 447)
Klaus Havelund and Rajeev Joshi

Towards Component-Based (max,+) Algebraic Throughput Analysis of Hierarchical Synchronous Data Flow Models (p. 462)
Mladen Skelin and Marc Geilen

Author Index (p. 477)