[SystemSafety] Does "reliable" mean "safe" and or "secure" or neither?
Roberto Bagnara
bagnara at cs.unipr.it
Mon Apr 18 19:36:15 CEST 2016
On 18/04/2016 18:25, Chris Hills wrote:
> I came across someone using the term "reliable" to also infer safe and
> secure.
> I contended that "reliable" does not automatically mean safe or secure.
And you are 100% correct!
> I can think of cases where systems behave in a reliable
> (repeatable/predictable) way that is not safe and other that are reliable
> land certainly not secure. I have seen a demo of a very reliable system
> that has a completely open password and will then use a well-known comms
> protocol to give you any information you ask for. Though it is safe doing
> what it is supposed to do (as long as you can't re-purpose it to be
> dangerous).
Precisely: these are examples showing that reliability implies neither
safety nor security.
> What is the current thinking? Does "reliable" also infer safe or secure?
On reliability vs safety I suggest Chapter 2 of Nancy Leveson's excellent book
https://mitpress.mit.edu/sites/default/files/titles/free_download/9780262016629_Engineering_a_Safer_World.pdf
I believe the same kind of reasoning applies to reliability vs security.
Actually, there the situation can be even worse: increasing reliability
can decrease security. For example: the electronic key of my car
sometimes fails, i.e., I have to push the button several times in order
to obtain the desired effect. In other words, it is not very reliable.
Perhaps the cause is that the emitted signal is not strong enough.
Emitting a stronger signal would make it more reliable, but would also
make eavesdropping easier, i.e., it would make the system less secure.
Kind regards,
Roberto
--
Prof. Roberto Bagnara
Applied Formal Methods Laboratory - University of Parma, Italy
mailto:bagnara at cs.unipr.it
BUGSENG srl - http://bugseng.com
mailto:roberto.bagnara at bugseng.com
More information about the systemsafety
mailing list