TRANSCRIPT
STAMP
2017619
2017626
1(4)
5
8
2
16
24
.48
.62
2017619
1
(1) STAMP
(2)
(3)
(4)
6.(4)
STAMP
81108100
2
(1)70
(2)71
(3)
(4)282930
(5)
(6)
3
(1)
(2)
4
(1)
20176261030
(2)
2-28-813
C
14.(4)
5
(1)
1
(2)
20176262017751700
(3)
14.(4)
6
(1)
2017772017711
()1000170012301330
(2)
2017711 1700
(3)
14.(4)
(4)
No.
2
1
3
1
3
.
3
3
3
33
1
282930
6591
1
4
1
(5)
14.(4)STAMP14.(4)STAMP
STAMP
(6)
2017714 10301730
11
2-28-815
3
7
(1)
20177191400
(2)
2-28-816
3
8
9
29
10
11
12
13
113-6591 2-28-816
14
(1)
(2)
(3)
(4)
113-6591
2-28-816
TEL03-5978-7543
13
(5)
:
TEL03-5978-7502
()22127
1
493
STAMP
P
11 1
2IPA
2
STAMP
()
3
STAMP
4
STAMP
TEL FAX
No.
No.
1
1
3
1
2
3
3
3
1
1
()
STAMP
1
2
2
31
3
4
(1)
(2)
58108100
6
2
7
2
8
9
2221657112
10 721
11
12
(1)
(2)
(3)
(4)
(5)
(6)
(7)
(8) 2
(9)
(10)
(11)
(12)
13
14185
(1) 32108.5
(2) 106
2
3
1529
2
3
16
2
3
4
1713
2
18563911
2
19
20
1.
(1) 3772226
(2)
(3)
(4)
70
71
2
20xx
STAMP
1
2
2
3
3
2
31
4
5
6
7
2
8430
2
3
4121
931
1083
2 (241212991)
1111,0001
2
12
13
2
31
411410010100
5
145
211
151345
16
2
3
17272883
2()
328
18)
2
39
19
2
3
4
5
6
20
21
1
2254381
49
621
721821
8919511
4045966198
21
611
621
721821
3110010100
2
31
41
515
4
3772226
5
2
642
242
310010100
4
52
63
735
7
21
20
288
1
2
21
3
4
2
3
5
6
74
2
3
4
5
8
2
9
25
10
2
11
2
31
STAMP
STAMP[footnoteRef:1]/STPA[footnoteRef:2]IoTSTAMPSTAMPSTPASTAMP/STPA [1: STAMP(Systems-Theoretic Accident Model and Process)MITNancy Leveson2012Engineering a Safer World] [2: STPA(Systems-Theoretic Process Analysis)STAMP]
IPASTAMP/STPA
STAMPSTAMP/STPA[footnoteRef:3]20164 [3: http://www.ipa.go.jp/sec/reports/20160428.html]
STAMPSTAMP/STPA[footnoteRef:4]20173 [4: http://www.ipa.go.jp/sec/reports/20170324.html]
STAMP/STPASTAMP/STPA
STAMP/STPASTAMPSTAMP/STPA
(1)
[footnoteRef:5]V 1[footnoteRef:6] [5: 2017IPAESPR Ver.2.0 http://www.ipa.go.jp/sec/publish/tn07-005.html] [6: ]
FMEA[footnoteRef:7]FTA[footnoteRef:8]HAZOP[footnoteRef:9] [7: FMEA(Failure Mode and Effect Analysis)] [8: FTA(Fault Tree Analysis)] [9: HAZOP(HAZard and OPerability study)7]
STAMP/STPA
1V
(2)
STAMP/STPAIPASTAMPXSTAMPP 1
STAMPSTAMP 1STAMP
1STAMP
[footnoteRef:10] [10: Step0,1,2,3 7STPAStep]
XSTAMPP
Step0,1,2
Step
SafetyHAT
Step1
SAHRA
Step1,2
Step
Step0,1,2,3
Step
Step0
STAMP 2 3STPAEngineering a Safer WorldSTPA Primer[footnoteRef:11]Step01Step02STAMPStep0Control StructureCS [11: An STPA primer v1, Nancy Leveson, et al., 2013http://psas.scripts.mit.edu/home/wp-content/uploads/2015/06/STPA-Primer-v1.pdf]
2STAMPStep0
Step0
IPASTAMP/STPACSControl Structure DiagramCS
3Step0
AccidentHazardSafety Constraints.
STAMP/STPASTAMP/STPA 3STAMPCSCSSTAMPCS
CSSTAMP/STPAIPA
STAMP/STPAStep1Step2Step3StepSTAMP/STPA 7
Step1
4Step1
STAMP/STPAIDIPAID[footnoteRef:12]ID [12: STAMP/STPAP7P8P42SCSafety ConstraintsUCA(Unsafe Control Action)HCFHazardCausal FactorID]
UCAUnsafe Control ActionIDID
UCA4
Step2
5Step2
STAMP/STPAIPA
CSHCFCS
HCF[footnoteRef:13]HCF [13: STAMP/STPA4]
Step3
6Step3
HCFUCASCSafety ConstraintsUCASCHCF
(3)
STAMPSTPACAST[footnoteRef:14]STECA[footnoteRef:15]STPA-Sec[footnoteRef:16]STPA [14: CASTCausal Analysis based on STAMPSTAMP] [15: STECASystem-Theoretic Early Concept AnalysisSTAMP] [16: STPA-SecSTPA for SecuritySTAMP]
STAMPCSUCA 3 4 5 6 7
3 4 5 6StepStepInputStepOutput
Step
3STAMP/STPAIPASTAMP/STPA
CSCSSTAMP/STPA
STPAEngineering a Safer WorldSTPA PrimerSTAMPSTAMPCSUCAHCFSTAMP/STPASTAMP/STPA
STAMP/STPA
7STPAStep
STAMP/STPAHazard Causal FactorSTPAStep3
STAMP/STPA 7 8 8Step0Step3
StepUCA 3 4 5 6
8STPA
(4)
STAMP/STPA
STAMP/STPAIPA20164STAMP/STPA [footnoteRef:17] [17: http://www.ipa.go.jp/sec/reports/20160428.html]
1.
0.
0.
0.
0. STAMP
0.
0.
0.
0.
0.
0.
1.
0.
0.
0.
IPAIPA
0. STAMP
STAMPSTAMPIPAIPAIPASTAMP
OutputOutput
IPA
0.
IPAIPA
IPAIPA
0.
IPAIPA
0.
IPAIPA
201712
0.
0.
IPASTAMP/STPA
2
STAMP/STPA
API
UML
0.
1.
201832
2-28-816
1
2
3
4
5
6
7
CD-R/DVD-R1IPA
IPA
IPAIPA
STPA
20164IPASTAMP/STPASTPA
STPA 7STAMP/STPAStep0Step2
MBDModel Based Development
[footnoteRef:18] 9 [18: ]
STAMP/STPASTAMP/STPA
GUIAPI 9STAMP
IPA
API[footnoteRef:19] [19: API]
STAMPSTPACASTSTPA-SecSTECASTAMPSTPA
9
9STAMPMBD
STAMPSTAMPSTPA
STAMPSTAMPSTPA
CSV
I/FInputOutput
STPA
MBD
PCOS
SysMLUML
GUIPC
API 9
55
STAMP5
STAMPSTAMPSTAMP
STPASTAMPSTAMP
STPA
IPA
92BSD[footnoteRef:20] [20: https://opensource.org/licenses/bsd-license.phphttps://ja.osdn.net/projects/opensource/wiki/licenses%2Fnew_BSD_license]
API
UML
STPAIPA
STAMP
IPA
IPA
IPA
STAMP
STAMP
IPA
STAMP
9ModelioLibreOfficeDraw.ioArgoUMLEclipseIDE
IDE
9STAMP
STAMP
STAMPSTAMP 3 4 5 6 9(1)(2)
STPAStep0()
STPAStep0(2)CS
CS[footnoteRef:21]STAMPIPASTAMP/STPA [21: IPA20164STAMP/STPASTPAStep02]
STPAStepUCA
CSCAControl ActionUCA
CAFrom/toCSUCA
IPASTAMP/STPAUCA
CA
STPAStep2HCF
STAMPHCFHazard Causal FactorCS
STPAStep3
AccidentHazardUCAHCFSTAMPStep0,1,2,AccidentHazardUCAHCF&
HCF
STAMP/STPA
STPAStep0CS
STAMPNumbering
inputinputControl ActionCACAFeed back
CS
CS[footnoteRef:22]CSCS [22: Process ModelSTAMP/STPA]
STPAStepUCAUCA
CSCACACSUCA
UCAStep0UCA
STPAStep2HCF
CS
HCFCS
HCFHCFIPASTAMP/STPASTAMP/STPA 10
10HCF
HCF
HCFIPASTAMP/STPA 101~11213HCFSTAMP/STPA4STPA[footnoteRef:23]HCF 11 [23: STAMPSTAMP/STPAHCF]
11HCF
STAMP/STPA4STPA 2
2
()()
()()
()()
()()
()()
()()
()(
STPAStep3
AccidentHazardUCAHCF
STPAStep0
XXYYUCAXXYYXXZZUCAUCAUCA
STPAStepUCA
UCAUCAUCAIPASTAMP/STPA
StepStepUCA
STPAStep2HCF
CSCS
CS
HCF
HCF
STPAStep3
STPAStep3HCFAccidentHazard,UCAHCFDoorsIntegritytraceDoorsIntegrity
STPAStep2CACAFrom/To
StepStep
Step0(1) Step0(2) Step1 Step2 Step1 Step2 Step3
1Step22Step2
STPA
12
IPAIPA
STPAIPASTAMP/STPASTAMP/STPASTPAIPASTPA
IPA
IPAIPA
STAMPSTPA
APIUMLIPA
IPA
PCPCPCPCDLL
a)
b)
IPA
1
STAMP
OS
Windows8.1Windows103264
1.4GHz
2GB
10GB
DirectX9
1024768
2020
100MB100MB
STAMP8
2010
30
IPA
STAMP
STAMPSTAMPSTAMP
Engineering a Safer World: Systems Thinking Applied to Safety (Engineering Systems)
By Nancy G. Leveson, The MIT Press, January 2012
STPA Primer
http://psas.scripts.mit.edu/home/wp-content/uploads/2015/06/STPA-Primer-v1.pdf
STAMP/STPA
http://www.ipa.go.jp/sec/reports/20160428.html
STAMP/STPAhttp://www.ipa.go.jp/sec/reports/20170324.html
STAMP
http://www.ipa.go.jp/sec/reports/20150918.html
IT
IT
IPA
222
20171115IPA
201712IPA
201832
STAMPIPA
STAMP
IPA
IPA
1IPA
1
1JavaJREJREJRE
1
1)
2)
3) IPAIPAIPA
4)
5) ()
6) IPA
7)
8)
9) 1)8)1)
.
STAMP
1
1.1
1.2
2
2.1
2.2
2.3
2.4
3
3.1
3.2
4
5
5.1
5.2
5.3
5.3.1
5.3.2
5.4
5.5
1
1.1
[]
1.2
.
2
2.1
.[].
[]
1
2
3
4
5
112
6
1
2.2
1
2.2
IPA
1
/
2
3
4
5
2.3
A4A3
Microsoft OfficeOpenOfficePDFCDDVD
2.4
1.2
FAX
8
3
3.1
-
3.2
http://www.ipa.go.jp/security/benchmark/index.html-
4
[]
5
5.1
5.2
5.2
( 1 )
2
400
200
5.3
5.3.1
5.3.2
S
A
B
C
D
11
4
21
8
3
12
2
2
4
8
8
300
5.4
5.5
-
[]
[]
1.
2.
3.
4.
.
1
19
CSStep0InputCSStep0OutputCSStep0(1)Accident,Hazard,Step0(2)CS
2-12-22-33-13-23-2CSIPAIPA(Loss)HazardSafetyConstraints(A1)(H1-1)SC1-1)(A1)(H1-2)(SC1-2)(A1)(H1-3)SC1-3)(A2)(H2-1)SC2-1(A3)(H3-1)(SC3-1)Step0InputStep0OutputCS
from
to
CA
PI1.
a.
a1.
PO1.
b.
b1.
CA1.
CA
c1.
ID
ID
c2.
PO2.
ID
c3.
CA2.
ID
CA
ID
d.
d1.
PO3.
e1.
ID
ID
e2. Y-Z-
CA3.
ID
CA
&
> Y-Z- &
ID
f.
f1.
ID
PO4.
g1. FIFO
ID
ID
ID
g2.
ID
&
ID
ID
g3.
CA4.
CA
g4.
FB2.
ID
FBID
g5.
CA5.
CA
g6.
ID
ID
CA4.
CA
ID
h.
h1.
CA6.
ID
CA
& X-Z) )
& (Y-Z)
i1.
Allocated
Available
i2.
FB1. FB
j1.
On Hand
j2.
On Hand
i.
g.
e.
j.
input
output
CAFB
c.
Not ProvidingProvidingcauseshazardToo early / Too lateStoptoo soon / Applying too long(UCA1)SC1(UCA2)SC1)(UCA3)SC2)(UCA3)SC2)(UCA1)SC1)A,CB(UCA4)(UCA4)SC1)(UCA5)2SC1)(UCA6)SC1)(UCA6)SC1)BNot ProvidingProvidingcauseshazardToo early / Too lateStoptoo soon / Applying too longStep1UCAUCAUCAStep1UCA(Loss)HazardSafetyConstraints(A1)(H1-1)SC1-1)(A1)(H1-2)(SC1-2)(A1)(H1-3)SC1-3)(A2)(H2-1)SC2-1(A3)(H3-1)(SC3-1)Step1InputCSStep1OutputUCAUCAUCAUCAIDSCID
Step2HCFHCFHCFStep2()HCF(Loss)HazardSafetyConstraints(A1)(H1-1)SC1-1)(A1)(H1-2)(SC1-2)(A1)(H1-3)SC1-3)(A2)(H2-1)SC2-1(A3)(H3-1)(SC3-1)Step2InputUCACSStep2OutputHCFHCFIDUCASCIDNot ProvidingProvidingcauseshazardToo early / Too lateStoptoo soon / Applying too long(UCA1)SC1(UCA2)SC1)(UCA3)SC2)(UCA3)SC2)(UCA1)SC1)A,CB(UCA4)(UCA4)SC1)(UCA5)2SC1)(UCA6)SC1)(UCA6)SC1)BHCFControl action(UCA1)AA(UCA2)(UCA3AC(UCA4)(UCA5)(UCA6)Control action(UCA1)(UCA2)(UCA3(UCA4)(UCA5)(UCA6)Controlaction
#UCAHCF1UCA44-1UCA66-42UCA44-2STPA3UCA11-1HeartbeatHealthy4UCA11-25UCA11-2/UCA33-16UCA55-1/UCA66-57UCA11-31-4#UCAHCF1UCA44-1UCA66-42UCA44-23UCA11-14UCA11-25UCA11-2UCA33-16UCA55-1UCA66-57UCA11-31-4Step3Step3(Loss)HazardSafetyConstraints(A1)(H1-1)SC1-1)(A1)(H1-2)(SC1-2)(A1)(H1-3)SC1-3)(A2)(H2-1)SC2-1(A3)(H3-1)(SC3-1)Step2InputUCACSStep2OutputHCFUCAHCFCSHCFUCASCNot ProvidingProvidingcauseshazardToo early / Too lateStoptoo soon / Applying too long(UCA1)SC1(UCA2)SC1)(UCA3)SC2)(UCA3)SC2)(UCA1)SC1)A,CB(UCA4)(UCA4)SC1)(UCA5)2SC1)(UCA6)SC1)(UCA6)SC1)BControl action(UCA1)AA(UCA2)(UCA3AC(UCA4)(UCA5)(UCA6)
Step 0(2)Control StructureStep 2HCFHazard Causal factorStep 1UCAUnsafe Control ActionControl StructureControl StructureDiagram(Control Action)4Control ActionUCAUCAControl Loop DiagramHCFStep 0(1)AccidentHazardAccidentHazardAccidentHazardStep 3Step=Step3STPAStep3STPA
Step 02Control StructureStep 2HCFHazard Causal factorStep 1UCAUnsafe Control ActionSTPAStep 01AccidentHazardStep 3Step2Step1Step0-2Step0-1Step1Step0-2Step3Step0-1Step2Step1Step0-2Step3Step2Step1CSUCA
STAMPSTAMPI/FSTPAGUIAPISTAMPSTAMPSTPAIPA(CAST,STPA-Sec)
Step1Step2