Integrated Safety and Security Risk Assessment Methods: A Survey of Key Characteristics and Applications
Over the last few years, we have seen several security incidents that compromised system safety, some of which caused physical harm to people. Meanwhile, various risk assessment methods have been developed that integrate safety and security, and these could help to address the corresponding threats by implementing suitable risk treatment plans. However, an overarching overview that systematizes the characteristics of such methods is missing. In this paper, we conduct a systematic literature review and identify 7 integrated safety and security risk assessment methods. We analyze these methods based on 5 different criteria, and identify key characteristics and applications. A key outcome is the distinction between sequential and non-sequential integration of safety and security, which relates to the order in which safety and security risks are assessed. This study provides a basis for developing more effective integrated safety and security risk assessment methods in the future.
Exploratory Study of the Privacy Extension for System Theoretic Process Analysis (STPA-Priv) to elicit Privacy Risks in eHealth
Context: System Theoretic Process Analysis for Privacy (STPA-Priv) is a novel privacy risk elicitation method using a top-down approach. It has not received much attention, but it may offer a convenient structured approach and generate additional artifacts compared to other methods. Aim: The aim of this exploratory study is to find out what benefits the privacy risk elicitation method STPA-Priv has and to explain how the method can be used. Method: We apply STPA-Priv to a real-world health scenario that involves a smart glucose measurement device used by children. Different kinds of data from the smart device, including location data, should be shared with parents, physicians, and urban planners. This makes it a sociotechnical system that presents suitably complex privacy risks to be found. Results: We find that STPA-Priv is a structured method for privacy analysis and that it finds complex privacy risks. The method is supported by a tool called XSTAMPP, which makes the analysis and its results more thorough. Additionally, we learn that an iterative application of the steps might be necessary to find more privacy risks when more information about the system becomes available later. Conclusions: STPA-Priv helps to identify complex privacy risks that are derived from sociotechnical interactions in a system. It also outputs privacy constraints that are to be enforced by the system to ensure privacy.
Comment: author's post-prin
Defining next-generation additive manufacturing applications for the Ministry of Defence (MoD)
“Additive Manufacturing” (AM) is an emerging, highly promising and disruptive technology which is catching the attention of the Defence sector due to the versatility it offers. Through the combination of design freedom, technology compactness and high deposition rates, technology stakeholders can potentially exploit rapid, delocalized and flexible production. Having the capability to produce highly tailored, fully dense, potentially optimized products, on demand and next to the point of use, makes this emerging and immature technology a game changer in the “Defence Support Service” (DS2) sector. Furthermore, if the technology is exploited for the Royal Navy, which is characterised by extended and disrupted supply chains, the benefits are very promising. While most AM research and effort focuses on the manufacturing/process and design opportunities/topology optimization, this paper aims to provide a creative but educated and validated forecast of what AM can do for the Royal Navy in the future. This paper aims to define the most promising next-generation Additive Manufacturing applications for the Royal Navy in the 2025 – 2035 decade. A multidisciplinary methodology has been developed to structure this exploratory applied research study. Moreover, different experts from the UK Defence Value Chain have been involved for primary research and for verification/validation purposes. While major concerns have been raised about process/product qualification and current AM capabilities, the results show that there is strong confidence in the disruptive potential of AM to be applied at the front end of DS2 systems to support “Complex Engineering Systems” in the future. While this paper provides only next-generation AM applications for the RN, substantial conceptual development work has to be carried out to define an AM-based system which is able, firstly, to satisfy the “spares demands” of a platform and, secondly, to perform in critical environments such as at sea.
Some Findings Concerning Requirements in Agile Methodologies
Agile methods have appeared as an attractive alternative to conventional methodologies. These methods try to reduce the time to market and, indirectly, the cost of the product through flexible development and deep customer involvement. The processes related to requirements have been extensively studied in the literature, in most cases in the frame of conventional methods. However, conclusions drawn for conventional methodologies are not necessarily valid for Agile; on some issues, conventional and Agile processes are radically different. As recent surveys report, inadequate project requirements are one of the most contentious issues in agile approaches, and a better understanding of this is needed. This paper describes some findings concerning requirements activities in a project developed under an agile methodology. The project intended to evolve an existing product and, therefore, some background information was available. The major difficulties encountered were related to non-functional needs and the management of requirements dependencies.
DPN -- Dependability Priority Numbers
This paper proposes a novel model-based approach to combine quantitative dependability (safety, reliability, availability, maintainability and IT security) analysis with trade-off analysis. The proposed approach is called DPN (Dependability Priority Numbers); it allows the comparison of the actual dependability characteristics of a system with its target values and evaluates them against trade-off analysis criteria. The target values of the system dependability characteristics are taken as requirements, while the actual values of a specific system design are provided by quantitative and qualitative dependability analysis (FHA, FMEA, FMEDA, or CFT-based FTA). The DPN approach evaluates the fulfillment of individual target requirements and performs trade-offs between analysis objectives. We present the workflow and meta-model of the DPN approach, and illustrate our approach using a case study on a brake warning contact system. Hence, we demonstrate how model-based DPNs improve system dependability by selecting the design alternatives or measures that are crucial to the project's dependability.
Needs and challenges for assessing the environmental impacts of engineered nanomaterials (ENMs).
The potential environmental impact of nanomaterials is a critical concern, and the ability to assess these potential impacts is a top priority for the progress of sustainable nanotechnology. Risk assessment tools are needed to enable decision makers to rapidly assess the potential risks that may be imposed by engineered nanomaterials (ENMs), particularly when confronted by the reality of limited hazard or exposure data. In this review, we examine a range of available risk assessment frameworks, considering the contexts in which different stakeholders may need to assess the potential environmental impacts of ENMs. Assessment frameworks and tools that are suitable for the different decision analysis scenarios are then identified. In addition, we identify the gaps that currently exist between the needs of decision makers, for a range of decision scenarios, and the abilities of present frameworks and tools to meet those needs.