Model-based joint analysis of safety and security: Survey and identification of gaps
Computer Science Review (IF 12.9), Pub Date: 2023-11-07, DOI: 10.1016/j.cosrev.2023.100597
Stefano M. Nicoletti, Marijn Peppelman, Christina Kolb, Mariëlle Stoelinga

We survey the state of the art on model-based formalisms for the joint analysis of safety and security, where safety refers to the absence of unintended failures and security to the absence of malicious attacks. We conduct a thorough literature review and, as a result, consider fourteen model-based formalisms, which we compare with respect to several criteria: (1) Modeling capabilities and expressiveness: which phenomena can be expressed in these formalisms, and to what extent can they capture safety-security interactions? (2) Analytical capabilities: which analysis types are supported? (3) Practical applicability: to what extent have the formalisms been used to analyze small or larger case studies? Furthermore, (1) we present more precise definitions for safety-security dependencies in tree-like formalisms; (2) we showcase the potential of each formalism by modeling the same toy example from the literature; and (3) we present our findings and reflect on possible ways to narrow the highlighted gaps. In summary, our key findings are the following: (1) the majority of approaches combine tree-like formal models; (2) the exact nature of safety-security interaction is still ill-understood; (3) diverse formalisms can capture different interactions; (4) the analyzed formalisms merge modeling constructs from existing safety- and security-specific formalisms without introducing ad hoc constructs to model safety-security interactions, or (5) metrics to analyze trade-offs. Moreover, (6) large case studies representing safety-security interactions are still missing.




Updated: 2023-11-08