Interplay between safety and security

Safety and Security - what about their interplay?

Computer systems, especially those used in safety-critical domains, should be designed, built and assessed not only from the functional point of view, but also with respect to their dependability properties such as safety and security.

My name is Behrooz Sangchoolie and I am a researcher at the Dependable Transport Systems unit at RISE. In this blog post, I will look deeper into the interplay between safety and security and explain why it is so important. 

With the increase in connectivity of safety-critical systems, it is important to assure that these systems are secure. For example, autonomous vehicles shall not only be safe in their operation but also secure against cyberattacks that could potentially lead to accidents. Today's assessment methods usually address either safety or security aspects, but rarely both together. Interplay analysis between safety and security is the area where both aspects are considered in order to design, build and assess a system that is both safe and secure. This analysis is part of a broader area of interest in which several dependability and security properties are studied together.

Let me explain the terms. Dependability is the ability to deliver a service that can justifiably be trusted. Dependability properties include reliability, safety, availability, integrity, and maintainability. Security, on the other hand, is traditionally defined using the CIA triad, corresponding to the three properties of confidentiality, integrity and availability. Other important security properties are privacy, freshness, non-repudiation, authenticity, and authorization.

Addressing dependability properties requires implementing measures that help fulfil each individual property. For example, redundancy is a measure used to ensure that a system remains available even when one of its redundant components is unavailable due to the presence of faults.

However, introducing redundant components also increases the surface that could be affected or targeted by attacks, which in turn could have a negative impact on properties such as safety. Therefore, one needs to study the impact of introducing a given measure on dependability and security properties holistically. If you are interested in knowing more about these properties and how to model and measure them, I offer a course at RISE on Resilient Safety-Critical Computer Systems that covers these topics alongside details on well-established redundancy schemes.

This brings us to the analysis of the interplay between dependability and security properties, which is the study of how designing and building a computer system, including its different measures, influences the different dependability and security properties. In the literature, this type of analysis is also referred to as co-engineering or multi-concern assessment.

At RISE, we can assist customers in performing interplay analyses at different phases of the development lifecycle: from the early stages, by specifying the interplay between requirements, all the way to after the system has been deployed, by assessing the impact of a new software update on the system.

I hope you found my blog post informative and interesting. If you want to know more about our expertise and how we can help you, please visit the RISE website: Interplay Between Safety and Security | RISE. You are also welcome to contact me directly at behrooz.sangchoolie@ri.se.
I'm looking forward to hearing from you.
