http://dx.doi.org/10.5516/NET.04.2012.061

A DEVELOPMENT FRAMEWORK FOR SOFTWARE SECURITY IN NUCLEAR SAFETY SYSTEMS: INTEGRATING SECURE DEVELOPMENT AND SYSTEM SECURITY ACTIVITIES  

Park, Jaekwan (Korea Atomic Energy Research Institute)
Suh, Yongsuk (Korea Atomic Energy Research Institute)
Publication Information
Nuclear Engineering and Technology, vol. 46, no. 1, 2014, pp. 47-54
Abstract
The protection of nuclear safety software is essential because a failure can result in significant economic loss and physical harm to the public. However, software security has often been neglected in nuclear safety software development. To enforce security considerations, the nuclear regulatory commission recently issued and revised its security regulations for nuclear computer-based systems. Complying with these security requirements is a great challenge for nuclear developers, and there is still no clear software development process that covers security activities. This paper proposes an integrated development process that satisfies both the secure development requirements and the system security requirements described by various regulatory bodies. It provides a three-stage framework with eight security activities as the software development process. The detailed descriptions help software developers and licensees understand the regulatory requirements and establish a detailed activity plan for software design and engineering.
Keywords
Nuclear Safety Software; Nuclear Software Development; Software Development Process; Software Security; Secure System