
Co-engineering safety and security in risk-prone smart work environments

TEIMOURIKIA, MAHSA

Abstract

Safety and security are two risk-driven aspects that are usually tackled separately. The importance of considering safety and security as inter-dependent aspects is highlighted in the recent literature. Co-engineering safety and security together as cyber-security has a direct or indirect effect on critical systems. This need becomes more evident with the advent of new technologies, including the Internet of Things (IoT) and Smart Work Environments (SWEs), where it is essential to re-define the safety and security concepts. The Internet of Things (IoT) is not a myth anymore: it is already at the peak of the hype cycle and is being increasingly adopted in different application areas, including smart spaces. One of the areas where IoT technology is being implemented is "Industry 4.0", which we refer to as Smart Work Environments (SWEs). As with all new technologies, SWEs introduce various issues and opportunities. Researchers have already started to tackle the unresolved issues while taking advantage of the vast variety of new opportunities that emerge in this field. In the traditional risk management techniques adopted in manufacturing and industrial environments, physical controls are in place to avoid risks related to safety. However, in SWEs these controls are not enough. The need for co-engineering safety and security arises in SWEs since safety hazards might lead to security threats and vice versa. Also, security mechanisms should be flexible enough to facilitate risk treatment. Moreover, security mechanisms may also be used in collaboration with safety management systems to protect the safety of the workers, in addition to protecting access to sensitive physical resources in the SWEs. On the one hand, as more devices and tools are integrated through IoT technology, the organizations adopting Industry 4.0 become more and more vulnerable to security threats, and hence new approaches should be proposed to protect the sensitive and critical resources in the SWEs. On the other hand, IoT technology provides the chance to acquire ambient and monitoring data that can be exploited for identifying and treating risks related to safety. While this is an advantage in protecting persons' safety, the security rules should allow the treatment of risks, when necessary, by adapting to the safety-related contexts. In this thesis, the safety and security of risk-prone SWEs are tackled. Starting with safety, the SWE is studied to explore the different components that should be used in an efficient risk management procedure. A run-time risk management methodology is proposed that exploits an automated risk assessment process, developed considering the risk assessment techniques commonly adopted in industry. To extract the safety knowledge in a computer-readable way, an ontology is designed and developed. Coming to security, a risk-adaptive Access Control (AC) model based on Attribute-Based Access Control (ABAC) is developed, considering hierarchical safety-related contexts. Upon receiving risk descriptions, the AC system adapts the security rules, based on the designed meta-rules, to allow risk treatment. To manage dynamically adapted security rules, a conflict analysis algorithm is proposed to find, at design time, conflicting rules that might lead to unpredictable results.
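As an added illustration (not the thesis's own model or code), the following Python sketch shows the three ideas the abstract names together: attribute-based rules, a meta-rule that adapts them when a run-time risk description arrives in a hierarchical safety context, and a design-time conflict check that flags rules a single request could match with opposite effects. All area, role and resource names, the meta-rule, the baseline policy and the risk description are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

@dataclass(frozen=True)
class Rule:
    name: str
    effect: str                          # "permit" or "deny"
    conds: Tuple[Tuple[str, str], ...]   # (attribute, value) pairs; an absent attribute matches anything

def matches(rule: Rule, attrs: Dict[str, str]) -> bool:
    return all(attrs.get(a) == v for a, v in rule.conds)

def decide(rules: List[Rule], attrs: Dict[str, str]) -> str:
    # Deny-overrides combining: a matching deny wins; otherwise permit only if some permit matches.
    hits = {r.effect for r in rules if matches(r, attrs)}
    return "permit" if "permit" in hits and "deny" not in hits else "deny"

# Hierarchical safety contexts (constructed): a hazard in an area also raises every enclosing area.
AREA_PARENT = {"press_line_3": "hall_B", "hall_B": "plant"}

def affected_areas(area: str) -> List[str]:
    out = [area]
    while area in AREA_PARENT:
        area = AREA_PARENT[area]
        out.append(area)
    return out

def apply_meta_rules(rules: List[Rule], risk: Dict[str, str]) -> List[Rule]:
    """Meta-rule (constructed): a high risk opens the emergency_stop of the area and its ancestors to safety_officer."""
    adapted = list(rules)
    if risk["level"] == "high":
        for a in affected_areas(risk["area"]):
            adapted.append(Rule(f"risk_{risk['id']}_{a}", "permit",
                                (("role", "safety_officer"), ("resource", "emergency_stop"), ("area", a))))
    return adapted

def find_conflicts(rules: List[Rule]) -> List[Tuple[str, str]]:
    """Design-time check: effects differ and no shared attribute has different values (one request can match both)."""
    found = []
    for i, r1 in enumerate(rules):
        for r2 in rules[i + 1:]:
            d1, d2 = dict(r1.conds), dict(r2.conds)
            if r1.effect != r2.effect and all(d2.get(a, v) == v for a, v in d1.items()):
                found.append((r1.name, r2.name))
    return found

# Constructed baseline policy: a maintenance lockout denies everyone the e-stop of press_line_3.
BASELINE = [Rule("maintenance_lockout", "deny", (("resource", "emergency_stop"), ("area", "press_line_3")))]
RISK = {"id": "r1", "level": "high", "area": "press_line_3"}  # constructed run-time risk description
OFFICER_HALL_B = {"role": "safety_officer", "resource": "emergency_stop", "area": "hall_B"}
```

Running `find_conflicts` on the adapted policy reports that the risk-generated permit for `press_line_3` collides with the maintenance lockout, which is exactly the kind of unpredictable outcome the abstract says the conflict analysis is meant to surface before deployment.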
BONARINI, ANDREA
PERNICI, BARBARA
7-feb-2017
Doctoral thesis
Attached files

File: thesis-22-12-2016-submitted.pdf
Access: accessible on the internet to everyone
Description: Thesis Text
Size: 3.33 MB
Format: Adobe PDF

Documents in POLITesi are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/10589/131559