Clock synchronization considerations in security informed safety assurance of autonomous systems of systems
Over the past decade, rapid technological and industrial advances have taken place in the area of autonomous Systems of Systems (SoS). An SoS is built by integrating several systems, and the complexity of such a structure is exponentially higher, which makes its analysis challenging. At the same time, SoS have opened up a large set of new opportunities in domains such as air traffic control, defense, the construction industry, etc. It is expected that fully autonomous and cooperating systems will increase production efficiency while decreasing (and potentially completely replacing) human effort in harmful environments. To enable this, we need to make sure that critical properties of an SoS, such as safety and security, are guaranteed. We believe that it is no longer sufficient to analyze and guarantee these properties independently; we have to be able to address safety and security in a joint effort. Communication in systems with any kind of real-time requirement, where the validity of data depends on its freshness, relies on clock synchronization (CSyn), which allows the subsystems to cooperate and work coherently. Considering reliable and predictable communication as one of the main assets contributing to the correct functionality of such systems, protecting CSyn from malicious adversaries should be one of the highest-priority efforts in an SoS. In this paper we show how CSyn breaches can influence the security, and ultimately the safety, of complex and autonomous SoS. Furthermore, we identify a missing piece to consider in safety assurance, namely assurance with respect to reliable communication between the systems within the SoS. We demonstrate how the outcome of a security analysis can be used as input for the overall safety analysis, and we use an autonomous quarry as an example application to illustrate our findings.
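As an added illustration of the point that freshness-based data validity rests on CSyn (example code written for this page, not taken from the paper; the message format, thresholds and timeline are constructed assumptions), the validator below checks a command's age against the receiver's synchronized clock and cross-checks that clock against a local monotonic clock, so that a stepped clock which would make stale data look fresh is flagged rather than silently trusted:

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Msg:
    seq: int         # sender's sequence number (constructed format)
    sent_at: float   # sender wall-clock timestamp, seconds
    payload: str

@dataclass
class FreshnessValidator:
    """Accepts a message only if it is in order and recent enough to act on."""
    max_age: float = 0.5     # oldest data the controller may still act on
    max_skew: float = 0.2    # tolerated disagreement between clocks
    last_seq: int = -1
    last_wall: Optional[float] = None
    last_mono: Optional[float] = None

    def check(self, msg: Msg, wall_now: float, mono_now: float) -> Tuple[bool, List[str]]:
        # wall_now: the receiver's synchronized (steppable) clock the freshness
        # check depends on; mono_now: its local monotonic clock, which CSyn cannot move.
        reasons = []
        if msg.seq <= self.last_seq:
            reasons.append("replay_or_reorder")
        age = wall_now - msg.sent_at
        if age > self.max_age:
            reasons.append("stale")
        if age < -self.max_skew:
            reasons.append("timestamp_in_future")
        if self.last_wall is not None:
            # Both clocks must advance by the same amount between receptions;
            # a mismatch means the synchronized clock was stepped in between.
            drift = (wall_now - self.last_wall) - (mono_now - self.last_mono)
            if abs(drift) > self.max_skew:
                reasons.append("clock_step_detected")
        self.last_wall, self.last_mono = wall_now, mono_now
        if not reasons:
            self.last_seq = msg.seq
        return (not reasons, reasons)

def scenario(clock_step: float, delivery_delay: float) -> Tuple[bool, List[str]]:
    """Constructed timeline: commands seq 0..2 arrive on time; seq 3 is delivered
    delivery_delay seconds after sending, with the receiver's wall clock stepped by
    clock_step seconds in the meantime. Returns the verdict for seq 3."""
    v = FreshnessValidator()
    for seq in range(3):
        t = seq + 0.05
        v.check(Msg(seq, float(seq), "steer"), t, t)
    mono = 3.0 + delivery_delay
    return v.check(Msg(3, 3.0, "steer"), mono + clock_step, mono)
```

A clock stepped backwards by the delivery delay makes a 10-second-old command pass the age check alone, while a clock stepped forwards rejects a fresh command as stale; the monotonic cross-check reports the clock step in both cases.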