
Interplay Between Safety and Security

Computer systems, especially those used in safety-critical domains, should be designed, built and assessed not only from the functional point of view, but also with respect to their dependability properties such as safety and security.

With the increasing connectivity of safety-critical systems, it is important to assure that these systems are also secure. Today’s assessment methods usually address either safety or security, not both. Interplay analysis between safety and security is the area where both aspects are considered together when designing, building and assessing a safe and secure system. This analysis is part of a broader area of interest in which several dependability and security properties are studied jointly.

Dependability and security properties

Dependability is the ability to deliver a service that can justifiably be trusted. Dependability properties include reliability, safety, availability, integrity, and maintainability. Security is traditionally defined using the CIA triad, that is, the three properties confidentiality, integrity and availability; note that integrity and availability appear in both lists, which is one reason the two areas cannot be assessed in isolation. Other important security properties are privacy, freshness, non-repudiation, authenticity, and authorization.

Addressing dependability properties means implementing measures that fulfil each individual property. For example, redundancy is a measure used to ensure that a system remains available even when one of its redundant components fails because of a fault.

However, introducing redundant components also increases the attack surface: every added replica, link or voter is one more element an attacker can target, and a measure that masks independent random faults does not mask a common-mode input such as a spoofed message consumed by all replicas. An attack that exploits this can in turn have a negative impact on properties such as safety. Therefore, the impact of introducing a given measure on the dependability and security properties needs to be studied holistically.
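The following is an added example, not code from the RISE page or from the MODIFI or ComFASE tools, illustrating the redundancy trade-off described above with a small model-implemented fault and attack injection campaign. It assumes a constructed triple-modular-redundant (TMR) sensor channel with 2-of-3 majority voting, a single-bit-flip fault model applied to one replica, and an attack model in which a spoofed reading is injected on the shared bus that all three replicas read. The key, the safe limit and the campaign sizes are made-up values; the optional MAC check is the security measure whose effect on safety and availability the campaign measures.

```python
"""Model-implemented fault/attack injection on a TMR channel (constructed example).

A "fault" flips one bit in one replica's copy of the reading (independent hardware fault).
An "attack" replaces the bus message with a spoofed one that all replicas consume
(common-mode input). Each campaign counts how often the voted output is unsafe
(acted on although above SAFE_LIMIT) or unavailable (voter cannot produce a value).
"""
import hashlib
import hmac
import random

KEY = b"constructed-demo-key"   # hypothetical shared key between sensor and replicas
SAFE_LIMIT = 100                # hypothetical limit: values above this are unsafe to act on


def vote(values):
    """2-of-3 majority voter. Returns None (no value, fail-safe) when no majority exists."""
    for v in values:
        if values.count(v) >= 2:
            return v
    return None


def tag_for(value, key=KEY):
    """HMAC-SHA256 over the reading, used as a message authenticity check on the bus."""
    return hmac.new(key, str(value).encode(), hashlib.sha256).hexdigest()


def make_msg(value, key=KEY):
    """Bus message as sent by the sensor (or, with a different key, by an attacker)."""
    return {"value": value, "tag": tag_for(value, key)}


def replica_read(msg, check_mac):
    """One replica reading the bus. With check_mac, an inauthentic message yields None."""
    if check_mac and not hmac.compare_digest(msg["tag"], tag_for(msg["value"])):
        return None
    return msg["value"]


def inject_fault(value, rng):
    """Hardware fault model: single random bit flip in one replica's local value."""
    return value ^ (1 << rng.randrange(8))


def run_campaign(n, scenario, check_mac, seed=0):
    """Run n injections of the given scenario ('fault' or 'attack') and count outcomes."""
    rng = random.Random(seed)
    unsafe = unavailable = 0
    for _ in range(n):
        true_val = rng.randrange(0, SAFE_LIMIT)          # genuine reading is always safe
        readings = [replica_read(make_msg(true_val), check_mac)] * 3
        if scenario == "fault":
            i = rng.randrange(3)
            readings[i] = inject_fault(readings[i], rng)  # affects one replica only
        elif scenario == "attack":
            # Spoofed message on the shared bus; the attacker does not hold KEY.
            spoof = make_msg(SAFE_LIMIT + 50, key=b"attacker-key")
            readings = [replica_read(spoof, check_mac)] * 3  # common-mode: all replicas
        out = vote(readings)
        if out is None:
            unavailable += 1
        elif out > SAFE_LIMIT:
            unsafe += 1
    return {"unsafe": unsafe, "unavailable": unavailable}


if __name__ == "__main__":
    for scenario in ("fault", "attack"):
        for check_mac in (False, True):
            print(scenario, "mac_check=%s" % check_mac, run_campaign(1000, scenario, check_mac))
```

Running the four campaigns shows the interplay in numbers: redundancy alone masks every injected single-replica fault, but is defeated by every spoofed bus message because all replicas vote on the same attacker-controlled value. Adding the MAC check turns the attack outcome from unsafe into unavailable (the voter has no authentic value and goes to its fail-safe state), which is exactly the kind of trade between safety, security and availability that an interplay analysis has to make explicit rather than discover in the field.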

Interplay analyses

Analysis of the interplay between dependability and security properties is the study of how designing and building a computer system, including its various measures, influences the different dependability and security properties. In the literature, this type of analysis is also referred to as co-engineering or multi-concern assessment. We can assist customers in performing interplay analyses at different phases of the development lifecycle: in the early stages by specifying the interplay between requirements, and all the way through to after deployment by assessing the impact of a new software update on the system.

Expertise

We provide this support based on our expertise, some of which is listed below:

  • Build-up of combined safety and security frameworks to evaluate safety hazards as well as security threats in systems built in domains such as automotive, forestry, railway, and intelligent distribution grids.
  • Experimental interplay analysis using fault and attack injection techniques, such as model-implemented fault and attack injection and a communication-based fault and attack injection engine. For this, we have developed several tools, such as MODIFI and ComFASE. Fault and attack injection techniques make it possible to model systematic hardware and software faults as well as cybersecurity attacks in order to study their impact on the dependability and security properties of computer systems.
  • Identification of synergies in a multi-concern development lifecycle, analysis of measures built to fulfil dependability and security properties, and assessment of the development of dependable systems with respect to safety and security standards.
  • Educating managers, project leaders, and engineers on dependability and security concepts using our in-house courses. Our courses include those discussing the development and assessment of resilient computer systems as well as those dealing with Machinery Directive, functional safety, and cybersecurity engineering standards such as IEC 61508, ISO 13849, ISO 26262, and ISO/SAE 21434.
  • Assurance of the safety and security of autonomous systems using assurance cases. Furthermore, we combine safety and security assurance cases to obtain a more comprehensive view of system dependability.
  • Development of autonomous systems using our WayWise project, demonstrating rapid prototyping, testing, and validation. We ensure autonomous vehicles, machinery, and drones meet the highest standards of functional safety, cybersecurity, and AI integration.

Contact person

Behrooz Sangchoolie

Researcher

+46 10 516 61 89


Related

Course

Resilient Safety-Critical Computer Systems

Computer systems used in domains such as transportation and healthcare should be dependable and designed in a way to ensure that they are fault-tolerant. In this course, we go through concepts that allow you, as a hardware expert,…
Course

Cybersecurity engineering road vehicles - ISO/SAE 21434, UNECE R155/R156 and related standards

Full day course on the international standard ISO/SAE 21434 and its application. We also go through its relation to UNECE R155/R156 and related standards. The course is designed for those who work with E/E systems in the automotiv…
Education area

Course on ISO/SAE 21434

This on-demand course explains the international standard ISO/SAE 21434 which specifies requirements for cybersecurity risk management regarding road vehicle electrical and electronic (E/E) systems.
Education area

Functional Safety for Road Vehicles – ISO 26262

The international standard ISO 26262 is used for ensuring functional safety of electric/electronic (E/E) systems in road vehicles. The course will provide an overview of functional safety and the application of ISO 26262.
Course

Cybersecurity engineering – overview

3-hour online course that provides a technical introduction to cybersecurity. Learn about attacks and incidents, protection mechanisms and encryption. If you have worked with functional safety before, this is an advantage.
Education area

Fault injection and attack injection

Fault injection is used as an assessment activity to evaluate the effectiveness of error handling mechanisms. Moreover, fault injection is either recommended or highly recommended in many standards related to the development of…