
Adding Security Concerns to Safety Critical Certification / Nicola Nostro; Andrea Bondavalli; Nuno Silva. - ELECTRONIC. - (2014), pp. 521-526. (Paper presented at the 4th edition of the IEEE International Workshop on Software Certification (WoSoCer2014), held in Naples (Italy), November 3-6, 2014) [10.1109/ISSREW.2014.56].

Adding Security Concerns to Safety Critical Certification

Nostro, Nicola; Bondavalli, Andrea
2014

Abstract

Safety-critical systems are those systems whose failure may lead to catastrophic consequences for users and the environment. Several methods, hazard analyses, and standards in different disciplines have been defined to assure that such systems are designed in compliance with safety requirements. The increasing presence of automated control operations, the massive use of networks to transfer data and information, and human operations introduce a new security concern in safety-critical systems. Security issues (threats) not only have a direct impact on system availability, integrity and confidentiality, but can also influence the safety aspects of safety-critical systems. Today, taking into account malicious actions carried out through intrusion into communication and computer control systems has become a critical and non-negligible step in the design and assessment of safety-critical systems. This paper describes a general methodology to support the assessment of safety-critical systems with respect to security aspects. The methodology is based on a library of security threats. These threats, identified during the work, have been mapped to the NIST security controls. A preliminary representation of the library in the aerospace domain is then shown through some simple examples, together with some considerations on the relation between security issues and safety impact, as a valuable addition to the safety-critical systems certification process.
Software Reliability Engineering Workshops (ISSREW), 2014 IEEE International Symposium on
4th edition of the IEEE International Workshop on Software Certification (WoSoCer2014)
Naples (Italy)
November 3-6, 2014
Nicola Nostro; Andrea Bondavalli; Nuno Silva
Files in this record:
File: 06983897.pdf
Access: Closed access
Type: Publisher's PDF (Version of record)
License: DRM not defined
Size: 617.67 kB
Format: Adobe PDF

Documents in FLORE are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/2158/917340
Citations
  • PubMed Central: ND
  • Scopus: 11
  • ISI: 8