Wide-spread reliance on networking in modern safety-critical control systems makes security increasingly interwoven with safety. Hence, we need novel methodologies integrating security consideration into the process of system development and safety case construction. Safety case is a structured argument justifying system safety. In this paper, we propose an approach that relies on the systems-theoretic analysis to construct security-aware safety cases. We define a number of generic patterns facilitating definition of security-aware safety cases. Our approach allows the developers to analyse the mutual interdependencies between safety and security in the design of networked control systems. It provides the engineers with a systematic top-down method for deriving constraints that should be imposed on the system and software behavior to guarantee safety in the presence of accidental and malicious faults.
Elena Troubitsyna (Åbo Akademi University): Integrating Security Consideration Into a Safety Case Construction
Presented at the Think Mind/Depend 2016, the Ninth International Conference on Dependability, Nice.