[SystemSafety] The Intertwining of Safety and Security
Coq, Thierry
Thierry.Coq at dnvgl.com
Mon Nov 7 15:45:04 CET 2016
Since all current systems can be compromised, since there is no rigorous evidence of being unable to compromise any of them, is there one system that is demonstrably safe?
Thierry Coq
<All opinions expressed here are my own>
From: systemsafety [mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of Driscoll, Kevin R
Sent: lundi 7 novembre 2016 15:36
To: paul cleary <clearmeist at hotmail.com>; Peter Bernard Ladkin <ladkin at causalis.com>
Cc: The System Safety List <systemsafety at techfak.uni-bielefeld.de>
Subject: Re: [SystemSafety] The Intertwining of Safety and Security
> software can be designed to never fail, yet without robust security, the software can easily be comprised
Contradictory?? Otherwise, what does "never fail" mean?
In comparing Murphy vs Satan (natural failures vs human threats, respectively) at 10e-7 or lower requirements, Murphy is indistinguishable from Satan, except for coordinated attacks against independent components. That is, the worst possible human adversary attack also could be produced by Murphy with help from Mother Nature. Thus, a system correctly designed for safety includes coverage for the safety-relevant security threats, with the exception for coordinated attacks against independent components. If such a system is vulnerable to safety-relevant security threats, its claims for safety are not valid, even in the absence of security threats.
P.S.
The restriction to "safety-relevant security threats" is to avoid the safety vs. security contradiction with respect to the Bell-LaPadula model, which is a whole other can of worms.
From: systemsafety [mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of paul cleary
Sent: Monday, November 07, 2016 05:31
To: Peter Bernard Ladkin
Cc: The System Safety List
Subject: Re: [SystemSafety] The Intertwining of Safety and Security
Really it's only just become a hot topic now!! Wow
There can be no safety without security. I'm still amazed that discussions on this forum and other like, continue to deliberate on subjects such as (notional) software reliability, and applying safety efforts to reduce take probability of failures occurring within software and hardware based systems, yet no discussion on security. A system and its software can be designed to never fail, yet without robust security, the software can easily be comprised and changed, rendering and notions of system safety completely irrelevant!!
Paul Cleary BSc, MSc, CEng, EUR ING
RailAssuranceConsulting
On Nov 7, 2016, at 6:24 PM, Peter Bernard Ladkin <ladkin at causalis.com<mailto:ladkin at causalis.com>> wrote:
A very hot topic nowadays. But I encounter a lot of people who think you can actually handle syste
safety and system security in IACS systems separately. I encounter others who think that ensuring
safety means you need to make sure your safety functions are not compromised.
Not so. Your safety functions may be perfect, remain uncompromised, and still be insufficient to
inhibit an unacceptable risk due to intruder activity. The argument is straightforward.
https://abnormaldistribution.org/index.php/2016/11/07/an-observation-on-the-intertwining-of-safety-and-security/
PBL
Prof. Peter Bernard Ladkin, Bielefeld, Germany
MoreInCommon
Je suis Charlie
Tel+msg +49 (0)521 880 7319 www.rvs-bi.de<http://www.rvs-bi.de>
_______________________________________________
The System Safety Mailing List
systemsafety at TechFak.Uni-Bielefeld.DE<mailto:systemsafety at TechFak.Uni-Bielefeld.DE>
**************************************************************************************
This e-mail and any attachments thereto may contain confidential information and/or information protected by intellectual property rights for the exclusive attention of the intended addressees named above. If you have received this transmission in error, please immediately notify the sender by return e-mail and delete this message and its attachments. Unauthorized use, copying or further full or partial distribution of this e-mail or its contents is prohibited.
**************************************************************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.techfak.uni-bielefeld.de/mailman/private/systemsafety/attachments/20161107/cd935696/attachment-0001.html>
More information about the systemsafety
mailing list