
The Integration of Safety and Security Requirements

  • Conference paper
Computer Safety, Reliability and Security (SAFECOMP 1999)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 1698))

Abstract

This paper investigates safety and security requirements specification methods, and proposed techniques for the integration of contrasting methodologies. The nature of interaction between safety and security requirements, and problems relating to their independent development, are discussed. The requirements specifications of an Air Traffic Control system are used to highlight the problems inherent in the independent approach to requirements development. From investigation of the literature and the case study, we identify several areas that can cause problems when we attempt to harmonize safety and security requirements techniques. The most important of these are: different system models used for safety and security; different documentation structures for the analyses and their results; the interaction of safety and security requirements; isolation of safety and security requirements processes.

Copyright information

© 1999 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Eames, D.P., Moffett, J. (1999). The Integration of Safety and Security Requirements. In: Felici, M., Kanoun, K. (eds) Computer Safety, Reliability and Security. SAFECOMP 1999. Lecture Notes in Computer Science, vol 1698. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48249-0_40

  • DOI: https://doi.org/10.1007/3-540-48249-0_40

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-66488-8

  • Online ISBN: 978-3-540-48249-9

  • eBook Packages: Springer Book Archive
