
Unifying Safety and Security


HIRTS DARPHIRTS DARP ALARP & Software - 1

John A Clark

Senior Lecturer in Critical Systems

University of York


Contents

  • What is safety and what is security?
  • Why do we want to unify the two?
  • What’s the Same
  • What’s Different
  • How can we make progress?


Things that are similar

  • Both properties of systems
  • Both risk based
      • integrity levels (e.g. SILs, assurance/confidence levels)
  • Certification authorities.
  • Independent V&V
  • Process development standards.
  • Subject to attack.
  • The concepts have the same word in some languages (Sicherheit, securite)


Things that differ

  • Nature of what we get wrong. How about (traditionally)
      • Safety: we get the requirements wrong.
      • Security: we typically get the implementation wrong.
  • Process development standards
      • Security standards (e.g. ITSEC) place heavy emphasis on top level correctness (with greater informality in refinement). Essentially get the model and top level spec right.
      • Safety standards seem more keen to propagate rigour (formality) through refinement levels.


Things that cause problems

  • ‘People are our greatest asset…’
  • People are our worst nightmare
      • Human factors issues with safety widely appreciated
      • But with security comes malice


Some things of Interest in Security

  • Confidentiality
  • Integrity
  • Availability
  • Accountability