Abstract
Traditionally, safety and security have been treated as separate disciplines, but this position is increasingly becoming untenable and stakeholders are beginning to argue that if it’s not secure, it’s not safe. In this paper we present some of the work we have been doing on “security-informed safety”. Our approach is based on the use of structured safety cases and we discuss the impact that security might have on an existing safety case. We also outline a method we have been developing for assessing the security risks associated with an existing safety system such as a large-scale critical infrastructure.
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bloomfield, R., Netkachova, K., Stroud, R. (2013). Security-Informed Safety: If It’s Not Secure, It’s Not Safe. In: Gorbenko, A., Romanovsky, A., Kharchenko, V. (eds) Software Engineering for Resilient Systems. SERENE 2013. Lecture Notes in Computer Science, vol 8166. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40894-6_2
DOI: https://doi.org/10.1007/978-3-642-40894-6_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-40893-9
Online ISBN: 978-3-642-40894-6