Joint safety and security analysis of cyber-physical systems is a necessary step to correctly capture the inter-dependencies between these two properties. Attack-Fault Trees (AFTs) combine dynamic Fault Trees with Attack Trees and can be used to model, and model-check, a holistic view of both safety and security. Manually creating a complete AFT for a whole system is, however, a daunting task: it needs to span multiple abstraction layers, e.g., the abstract application architecture and data flow as well as the system and library dependencies that are affected by various vulnerabilities. We present an AFT generation tool-chain that facilitates this task using partial Fault and Attack Trees that are either created manually or mined from vulnerability databases. We semi-automatically create two system models that provide the information needed to automatically combine these partial Fault and Attack Trees into complete AFTs using graph transformation rules.
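To make the combination step concrete, the following is an added toy example (not the paper's tool-chain, and not code from its authors): a partial fault tree whose basic event `controller_fails` is replaced, by a single leaf-substitution rewrite rule, with a partial attack/fault subtree that would in the paper's setting be mined for the affected component. The component names, tree shapes and the rule are all made up for illustration. It uses static AND/OR semantics only; the dynamic gates of dynamic Fault Trees (priority-AND, spares, functional dependencies) are deliberately not modelled.

```python
"""Toy attack-fault tree (AFT) assembly by leaf substitution.

Added illustration, not the paper's tool-chain.  All component names,
tree shapes and the rewrite rule are hypothetical.  Only static AND/OR
gates are modelled; dynamic gates (PAND, SPARE, FDEP) are out of scope.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Set, Union


@dataclass
class Leaf:
    name: str   # basic event: a component fault or an atomic attack step
    kind: str   # "fault" or "attack"


@dataclass
class Gate:
    name: str
    kind: str   # "AND" or "OR"
    children: List["Node"] = field(default_factory=list)


Node = Union[Leaf, Gate]


def substitute(node: Node, rules: Dict[str, Node]) -> Node:
    """Graph-transformation-style rule: a leaf whose name is a rule key is
    replaced by the attached partial tree; everything else is copied."""
    if isinstance(node, Leaf):
        return rules.get(node.name, node)
    return Gate(node.name, node.kind, [substitute(c, rules) for c in node.children])


def evaluate(node: Node, active: Set[str]) -> bool:
    """Does the top event occur when exactly the events in `active` happen?"""
    if isinstance(node, Leaf):
        return node.name in active
    values = [evaluate(c, active) for c in node.children]
    return all(values) if node.kind == "AND" else any(values)


def minimal_cut_sets(node: Node) -> List[FrozenSet[str]]:
    """Minimal sets of basic events that trigger `node` (static semantics)."""
    if isinstance(node, Leaf):
        return [frozenset([node.name])]
    child_sets = [minimal_cut_sets(c) for c in node.children]
    if node.kind == "OR":
        candidates = [s for cs in child_sets for s in cs]
    else:  # AND: every combination of one cut set per child
        candidates = [frozenset()]
        for cs in child_sets:
            candidates = [a | b for a in candidates for b in cs]
    unique = set(candidates)
    # drop any set that strictly contains another candidate
    return [s for s in unique if not any(o < s for o in unique)]


def build_partial_fault_tree() -> Gate:
    # Hypothetical safety-side partial fault tree for a pump.
    return Gate("pump_stops", "OR", [
        Leaf("valve_stuck", "fault"),
        Leaf("controller_fails", "fault"),
    ])


def build_attack_rules() -> Dict[str, Node]:
    # Hypothetical partial subtree that a vulnerability-database mining step
    # might attach to the "controller_fails" event: a hardware fault OR an
    # attacker who both reaches the control network and exploits the firmware.
    return {
        "controller_fails": Gate("controller_fails", "OR", [
            Leaf("controller_hw_fault", "fault"),
            Gate("controller_compromised", "AND", [
                Leaf("reach_control_network", "attack"),
                Leaf("exploit_controller_firmware", "attack"),
            ]),
        ]),
    }


def build_aft() -> Node:
    """Apply the rewrite rule to obtain the combined attack-fault tree."""
    return substitute(build_partial_fault_tree(), build_attack_rules())


if __name__ == "__main__":
    for label, tree in (("fault tree only", build_partial_fault_tree()),
                        ("combined AFT", build_aft())):
        print(label)
        for cs in sorted(minimal_cut_sets(tree), key=sorted):
            print("  ", sorted(cs))
```

Before substitution the only ways to stop the pump are the two fault leaves; after it, the minimal cut sets expose a purely attack-driven path (`reach_control_network` together with `exploit_controller_firmware`) that a safety-only analysis would never have listed, which is the inter-dependency the joint analysis is meant to surface.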