[SystemSafety] "Security Risk" and Probability

Peter Bernard Ladkin ladkin at causalis.com
Thu Nov 2 20:53:12 CET 2017



On 2017-11-02 19:54 , Martyn Thomas wrote:
> How can software be safe and not secure? Only by having no safety function?
Kevin got to the list first.

Here is my example. Let S be a perfect, invulnerable safety function. Let "input" be a variable
which is set when any key is pressed on an input device physically separate from anything to do with
S. Let "communicate-public" be a routine which prints given data D on, say, a public WWW site. Let
"communicate-private" be a routine which prints given data D on a device only accessible by those
with access permission for data D.

Let us consider "security" as involving the CIA triad.

(S || loop if input then communicate-public(D) endloop) is a specification for software which is
safe and insecure in that it violates confidentiality.

Suppose now that (loop if input then communicate-private(D) endloop) is vulnerable to modification
which turns it into software satisfying (loop if input then communicate-public(D) endloop), and only
vulnerable to this. Then (S || loop if input then communicate-private(D) endloop) is safe, but may
lose integrity and confidentiality.

These are not necessarily practical examples. Why would you write software to perform (S || loop if
input then communicate-public(D) endloop) when you could modularise it into S and (loop if input
then communicate-public(D) endloop)? You might accidentally write such software, and then be rightly
condemned for poor software design. But you could.

What seems a little harder to construct is an example of software which is safe (that is, implements
a safety function per requirement) but may be made to violate availability. Anyone?

PBL

Prof. Peter Bernard Ladkin, Bielefeld, Germany
MoreInCommon
Je suis Charlie
Tel+msg +49 (0)521 880 7319  www.rvs-bi.de
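
The compositions in the post above, as an added executable model (not code from the post or its author): two processes share a world, every interleaving of their steps over a constructed environment trace is explored, and the safety property and confidentiality are checked as separate properties. The sensor/LIMIT safety requirement standing in for S, the round-based scheduling, the trace ENV and the tamper() function that models "vulnerable to modification, and only to this" are all my assumptions.

```python
"""Toy model of (S || loop if input then communicate(D) endloop).
Added example, not part of the original post: the sensor/LIMIT safety
requirement, round-based scheduling, ENV and tamper() are assumptions."""
from itertools import permutations, product
from typing import Callable, Dict, List, Tuple

LIMIT = 100      # assumed safety requirement: trip the shutdown when sensor > LIMIT
SECRET_D = "D"   # the data D whose confidentiality is at stake


class World:
    """Shared state: sensor, actuator, the 'input' flag and the two output channels."""
    def __init__(self) -> None:
        self.sensor = 0
        self.shutdown = False
        self.input = False             # set when a key is pressed on the separate device
        self.public: List[str] = []    # the public WWW site
        self.private: List[str] = []   # device readable only with permission for D


Step = Callable[[World], None]


def S(w: World) -> None:
    """The perfect, invulnerable safety function: one atomic step per round."""
    if w.sensor > LIMIT:
        w.shutdown = True


def communicate_public(w: World) -> None:
    w.public.append(SECRET_D)


def communicate_private(w: World) -> None:
    w.private.append(SECRET_D)


def loop(communicate: Callable[[World], None]) -> Step:
    """One iteration of 'loop if input then communicate(D) endloop'."""
    def step(w: World) -> None:
        if w.input:
            communicate(w)
    setattr(step, "target", communicate.__name__)  # recorded so integrity can be checked
    return step


def run(system: List[Step], env: List[Tuple[int, bool]], schedule) -> Tuple[World, bool]:
    """Execute one interleaving. env gives (sensor reading, key pressed) per round;
    schedule gives the order in which the processes take their step in each round."""
    w, safe = World(), True
    for (sensor, key), order in zip(env, schedule):
        w.sensor, w.input = sensor, key
        for i in order:
            system[i](w)
        # safety requirement: a reading above LIMIT has tripped the shutdown by round end
        if w.sensor > LIMIT and not w.shutdown:
            safe = False
    return w, safe


def check(system: List[Step], env: List[Tuple[int, bool]]) -> Dict[str, bool]:
    """Explore every interleaving over env; a property holds only if it holds in all."""
    orders = list(permutations(range(len(system))))
    safe = confidential = True
    for schedule in product(orders, repeat=len(env)):
        w, s = run(system, env, schedule)
        safe = safe and s
        confidential = confidential and SECRET_D not in w.public
    return {"safe": safe, "confidential": confidential}


def tamper(system: List[Step]) -> List[Step]:
    """The one modification the post allows: private output becomes public.
    S is invulnerable and is left untouched."""
    return [loop(communicate_public) if getattr(p, "target", None) == "communicate_private" else p
            for p in system]


def integrity_kept(deployed: List[Step], specified: List[Step]) -> bool:
    """Integrity: the running code still does what the specification says."""
    def targets(system: List[Step]) -> List[str]:
        return [getattr(p, "target", None) for p in system]
    return targets(deployed) == targets(specified)


# Constructed environment trace: (sensor reading, key pressed) for four rounds.
ENV = [(50, False), (150, True), (120, False), (30, True)]

if __name__ == "__main__":
    spec = [S, loop(communicate_private)]
    print("S alone                    ", check([S], ENV))
    print("S || public loop           ", check([S, loop(communicate_public)], ENV))
    print("S || private loop          ", check(spec, ENV))
    deployed = tamper(spec)
    print("S || private loop, tampered", check(deployed, ENV),
          "integrity:", integrity_kept(deployed, spec))
```

In every interleaving S trips the shutdown in the round the reading goes high, so "safe" is true for all four systems; only the public loop and the tampered private loop put D on the public channel, and only the tampered one fails the integrity comparison against its specification.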
