Security-Informed Safety: If it's not secure, it's not safe

Bloomfield, R. E., Netkachova, K. & Stroud, R. (2013). Security-Informed Safety: If it's not secure, it's not safe. Paper presented at the 5th International Workshop on Software Engineering for Resilient Systems (SERENE 2013), 03rd - 04th October 2013, Kiev, Ukraine.

[img]
Preview
PDF
Download (539kB) | Preview

Abstract

Traditionally, safety and security have been treated as separate disciplines, but this position is increasingly becoming untenable and stakeholders are beginning to argue that if it’s not secure, it’s not safe. In this paper we present some of the work we have been doing on “security-informed safety”. Our approach is based on the use of structured safety cases and we discuss the impact that security might have on an existing safety case. We also outline a method we have been developing for assessing the security risks associated with an existing safety system such as a large-scale critical infrastructure.

Item Type: Conference or Workshop Item (Paper)
Additional Information: The final publication is available at Springer via http://dx.doi.org/10.1007/978-3-642-40894-6_2
Uncontrolled Keywords: Security-Informed Safety, assurance cases, risk assessment
Subjects: Q Science > QA Mathematics > QA76 Computer software
Divisions: School of Informatics > Centre for Software Reliability
Related URLs:
URI: http://openaccess.city.ac.uk/id/eprint/3097

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year

View more statistics