Abstract

n Adelard we have been assessing the safety of computer based systems for many years. Recently we have been researching an approach to security informed safety, trying to identify what the similarities and differences are and what should be done about it, particularly how safety cases need to change. Broadly speaking, we see safety as concerned with protecting the environment from the system whereas security is concerned with protecting the system from the environment.

This brief talk will introduce the range of work we do and our applied research to give an idea of my background and then review some overlaps and tension between safety and security principles. From a safety system perspective, security principles such as economy of mechanism, least privilege, and psychological acceptability are probably all readily acceptable. Other principles, such as complete mediation and end-to-end arguments, could have a significant impact on the architecture and performance of systems. But perhaps the most radical security principles from a safety perspective are those based on Kerchoffs’ principle, ease of recovery and open design.

I would like to discuss how we might take a principled approach to open design that has technical underpinning and would also welcome exchanges on any of the issues raised by security informed safety.