This presentation explores the distinction and the relationship between safety and security in systems. It addresses the reasons for unifying these two aspects, highlighting similarities such as risk-based properties and certification standards, as well as differences in how failures arise and in how standards are formulated. Emphasis is placed on the human factors involved in safety and security. Attendees will gain insight into how to make progress in integrating safety and security in system development and operation.
Unifying Safety and Security
John A Clark, Senior Lecturer in Critical Systems, University of York
Contents
• What is safety and what is security?
• Why do we want to unify the two?
• What’s the same?
• What’s different?
• How can we make progress?
Things that are similar
• Both are properties of systems.
• Both are risk based:
  • integrity levels (e.g. SILs, assurance/confidence levels).
• Certification authorities.
• Independent V&V.
• Process development standards.
• Subject to attack.
• The concepts share the same word in some languages (Sicherheit, sécurité).
Things that differ
• Nature of what we get wrong. How about this (traditionally):
  • Safety: we get the requirements wrong.
  • Security: we typically get the implementation wrong.
• Process development standards:
  • Security standards (e.g. ITSEC) place heavy emphasis on top-level correctness, with greater informality in refinement. Essentially: get the model and the top-level spec right.
  • Safety standards seem more keen to propagate rigour (formality) through the refinement levels.
Things that cause problems
• ‘People are our greatest asset…’
• People are our worst nightmare.
• Human factors issues in safety are widely appreciated.
• But with security comes malice.
Some things of interest in security
• Confidentiality
• Integrity
• Availability
• Accountability