
Unifying Safety and Security



Presentation Transcript


  1. Unifying Safety and Security
     John A Clark, Senior Lecturer in Critical Systems, University of York

  2. Contents
     • What is safety and what is security?
     • Why do we want to unify the two?
     • What’s the same
     • What’s different
     • How can we make progress?

  3. Things that are similar
     • Both are properties of systems
     • Both are risk based
     • Integrity levels (e.g. SILs, assurance/confidence levels)
     • Certification authorities
     • Independent V&V
     • Process development standards
     • Subject to attack
     • The concepts have the same word in some languages (Sicherheit, sécurité)

  4. Things that differ
     • Nature of what we get wrong. How about (traditionally):
         • Safety: we get the requirements wrong.
         • Security: we typically get the implementation wrong.
     • Process development standards
         • Security standards (e.g. ITSEC) place heavy emphasis on top-level correctness (with greater informality in refinement). Essentially, get the model and top-level spec right.
         • Safety standards seem more keen to propagate rigour (formality) through refinement levels.

  5. Things that cause problems
     • ‘People are our greatest asset…’
     • People are our worst nightmare
     • Human factors issues with safety are widely appreciated
     • But with security comes malice

  6. Some things of interest in security
     • Confidentiality
     • Integrity
     • Availability
     • Accountability
