Safety and security are the two most important properties of industrial control systems (ICS), and they must be engineered together so that safety goals do not undermine security goals and vice versa. Safety and security co-engineering sometimes yields conflicting requirements, or violations of one set of requirements by the other, that can affect the normal behavior of the system. Identifying, analyzing, and resolving the conflicts that arise from safety and security co-engineering is a major challenge and an under-researched area in safety-critical systems such as ICS. This paper presents STPA-SafeSec-CDCL, an approach that addresses this challenge. The proposed methodology combines STPA-SafeSec for safety and security analysis with Conflict-Driven Clause Learning (CDCL) for the identification, analysis, and resolution of conflicts, where the conflicting constraints are encoded as Boolean satisfiability (SAT) problems. We apply the framework to the Tennessee Eastman process model, a chemical process model developed specifically for the study of industrial control processes, to demonstrate how the method is used. The methodology goes beyond the requirements analysis phase and can be applied in the early stages of system design and development to increase system reliability, robustness, and resilience.
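The following is an added illustration of the core idea in the abstract (encoding safety and security requirements as SAT clauses, detecting a conflict as unsatisfiability, isolating the conflicting requirements, and checking a resolution); it is not code from the paper. The process variables, the requirements S1/S2/C1/C2/C3, the hazard scenario H and the resolution C2' are constructed for the example and are not the paper's Tennessee Eastman case study. A small DPLL solver with unit propagation stands in for the CDCL engine the paper uses, and the conflict is localized with a deletion-based minimal unsatisfiable subset rather than with CDCL's learned clauses.

```python
"""
Added example (not from the paper): encode safety and security requirements
as CNF clauses, check their conjunction with a small SAT solver, and, when it
is unsatisfiable, extract a minimal set of requirements that conflict.
All variable names, requirements and the scenario are constructed for
illustration. The solver is plain DPLL (unit propagation + backtracking),
a simplified stand-in for a CDCL solver.
"""

# Propositional variables (constructed). A positive int is the true literal,
# its negation the false literal.
VARS = {
    "HighPressure": 1,   # reactor pressure above its safety limit
    "VentValveOpen": 2,  # pressure-relief valve commanded open
    "LocalOverride": 3,  # operator acts through the local panel
    "AuthOK": 4,         # the command carries a valid credential
    "NetworkDown": 5,    # plant network / authentication server unreachable
    "Logged": 6,         # the command was written to the audit log
}


def lit(name, value=True):
    """Literal for VARS[name] being true (value=True) or false."""
    v = VARS[name]
    return v if value else -v


# Each requirement is a named list of clauses (clause = list of literals).
REQUIREMENTS = {
    # Safety: high pressure must open the vent valve.
    "S1 high pressure opens vent": [[lit("HighPressure", False), lit("VentValveOpen")]],
    # Safety: with the network down, the vent can only be opened locally.
    "S2 vent needs override when network down": [
        [lit("NetworkDown", False), lit("VentValveOpen", False), lit("LocalOverride")]],
    # Security: every actuator command must be authenticated.
    "C1 vent requires auth": [[lit("VentValveOpen", False), lit("AuthOK")]],
    # Security: the local override path performs no credential check.
    "C2 override is unauthenticated": [[lit("LocalOverride", False), lit("AuthOK", False)]],
    # Security: vent commands are logged (unrelated to the conflict).
    "C3 vent commands are logged": [[lit("VentValveOpen", False), lit("Logged")]],
    # Hazard scenario under analysis: high pressure while the network is down.
    "H hazard scenario": [[lit("HighPressure")], [lit("NetworkDown")]],
}


def unit_propagate(clauses, assignment):
    """Assign literals forced by unit clauses until a fixpoint.
    Returns (remaining_clauses, assignment), or (None, None) on conflict."""
    changed = True
    while changed:
        changed = False
        remaining = []
        for clause in clauses:
            if any(l in assignment for l in clause):
                continue                       # clause already satisfied
            clause = [l for l in clause if -l not in assignment]
            if not clause:
                return None, None              # every literal is false: conflict
            if len(clause) == 1:
                assignment = assignment | {clause[0]}
                changed = True
            else:
                remaining.append(clause)
        clauses = remaining
    return clauses, assignment


def dpll(clauses, assignment=frozenset()):
    """Return a satisfying assignment (frozenset of literals) or None."""
    clauses, assignment = unit_propagate(clauses, assignment)
    if clauses is None:
        return None
    if not clauses:
        return assignment
    var = abs(clauses[0][0])                   # branch on an unassigned variable
    for choice in (var, -var):
        model = dpll(clauses, assignment | {choice})
        if model is not None:
            return model
    return None


def check(reqs):
    """Solve the conjunction of all requirements in `reqs` (name -> clauses).
    Returns the set of variable names that are true in a model, or None if UNSAT."""
    clauses = [c for clauses in reqs.values() for c in clauses]
    model = dpll(clauses)
    if model is None:
        return None
    names = {v: k for k, v in VARS.items()}
    return {names[l] for l in model if l > 0}


def minimal_conflict(reqs):
    """Deletion-based minimal unsatisfiable subset: drop each requirement in
    turn and keep it out if the rest stays UNSAT. Returns [] when satisfiable."""
    if check(reqs) is not None:
        return []
    core = dict(reqs)
    for name in list(core):
        trial = {k: v for k, v in core.items() if k != name}
        if check(trial) is None:
            core = trial
    return sorted(core)


# A candidate resolution (constructed): the local override is still possible
# offline, but a physical key on the panel counts as the credential.
RESOLVED = {k: v for k, v in REQUIREMENTS.items() if not k.startswith("C2")}
RESOLVED["C2' override uses physical key as credential"] = [
    [lit("LocalOverride", False), lit("AuthOK")]]

if __name__ == "__main__":
    print("original satisfiable:", check(REQUIREMENTS) is not None)
    print("conflicting requirements:", minimal_conflict(REQUIREMENTS))
    print("resolved model:", sorted(check(RESOLVED)))
```

Running it reports the original requirement set as unsatisfiable under the hazard scenario and names S1, S2, C1, C2 and H as the minimal conflicting subset, leaving the unrelated logging requirement C3 out; the resolved set has a model in which the valve opens, the override is used, and the command still counts as authenticated. A CDCL solver would reach the same UNSAT verdict, and its learned clauses give a faster route to the conflicting subset than the deletion loop used here.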