14,223 research outputs found

    Integrated Safety and Security Risk Assessment Methods: A Survey of Key Characteristics and Applications

    Over the last years, we have seen several security incidents that compromised system safety, of which some caused physical harm to people. Meanwhile, various risk assessment methods have been developed that integrate safety and security, and these could help to address the corresponding threats by implementing suitable risk treatment plans. However, an overarching overview of these methods, systematizing the characteristics of such methods, is missing. In this paper, we conduct a systematic literature review, and identify 7 integrated safety and security risk assessment methods. We analyze these methods based on 5 different criteria, and identify key characteristics and applications. A key outcome is the distinction between sequential and non-sequential integration of safety and security, related to the order in which safety and security risks are assessed. This study provides a basis for developing more effective integrated safety and security risk assessment methods in the future.

    Exploratory Study of the Privacy Extension for System Theoretic Process Analysis (STPA-Priv) to elicit Privacy Risks in eHealth

    Context: System Theoretic Process Analysis for Privacy (STPA-Priv) is a novel privacy risk elicitation method using a top down approach. It has not gotten very much attention but may offer a convenient structured approach and generation of additional artifacts compared to other methods. Aim: The aim of this exploratory study is to find out what benefits the privacy risk elicitation method STPA-Priv has and to explain how the method can be used. Method: Therefore we apply STPA-Priv to a real world health scenario that involves a smart glucose measurement device used by children. Different kinds of data from the smart device including location data should be shared with the parents, physicians, and urban planners. This makes it a sociotechnical system that offers adequate and complex privacy risks to be found. Results: We find out that STPA-Priv is a structured method for privacy analysis and finds complex privacy risks. The method is supported by a tool called XSTAMPP which makes the analysis and its results more profound. Additionally, we learn that an iterative application of the steps might be necessary to find more privacy risks when more information about the system is available later. Conclusions: STPA-Priv helps to identify complex privacy risks that are derived from sociotechnical interactions in a system. It also outputs privacy constraints that are to be enforced by the system to ensure privacy. Comment: author's post-prin

    Defining next-generation additive manufacturing applications for the Ministry of Defence (MoD)

    “Additive Manufacturing” (AM) is an emerging, highly promising and disruptive technology which is catching the attention of the Defence sector due to the versatility it is offering. Through the combination of design freedom, technology compactness and high deposition rates, technology stakeholders can potentially exploit rapid, delocalized and flexible production. Having the capability to produce highly tailored, fully dense, potentially optimized products, on demand and next to the point of use makes this emerging and immature technology a game changer in the “Defence Support Service” (DS2) sector. Furthermore, if the technology is exploited for the Royal Navy, featured with extended and disrupted supply chains, the benefits are very promising. While most of the AM research and efforts are focusing on the manufacturing/process and design opportunities/topology optimization, this paper aims to provide a creative but educated and validated forecast on what AM can do for the Royal Navy in the future. This paper aims to define the most promising next generation Additive Manufacturing applications for the Royal Navy in the 2025 – 2035 decade. A multidisciplinary methodology has been developed to structure this exploratory applied research study. Moreover, different experts of the UK Defence Value Chain have been involved for primary research and for verification/validation purposes. While major concerns have been raised on process/product qualification and current AM capabilities, the results show that there is a strong confidence on the disruptive potential of AM to be applied in front-end of DS2 systems to support “Complex Engineering Systems” in the future. While this paper provides only next-generation AM applications for RN, substantial conceptual development work has to be carried out to define an AM based system which is able to, firstly satisfy the “spares demands” of a platform and secondly is able to perform in critical environments such as at sea.

    Some Findings Concerning Requirements in Agile Methodologies

    Agile methods have appeared as an attractive alternative to conventional methodologies. These methods try to reduce the time to market and, indirectly, the cost of the product through flexible development and deep customer involvement. The processes related to requirements have been extensively studied in literature, in most cases in the frame of conventional methods. However, conclusions of conventional methodologies could not be necessarily valid for Agile; in some issues, conventional and Agile processes are radically different. As recent surveys report, inadequate project requirements is one of the most conflictive issues in agile approaches and better understanding about this is needed. This paper describes some findings concerning requirements activities in a project developed under an agile methodology. The project intended to evolve an existing product and, therefore, some background information was available. The major difficulties encountered were related to non-functional needs and management of requirements dependencies.

    DPN -- Dependability Priority Numbers

    This paper proposes a novel model-based approach to combine the quantitative dependability (safety, reliability, availability, maintainability and IT security) analysis and trade-off analysis. The proposed approach is called DPN (Dependability Priority Numbers) and allows the comparison of different actual dependability characteristics of a system with its target values and evaluates them regarding trade-off analysis criteria. Therefore, the target values of system dependability characteristics are taken as requirements, while the actual values of a specific system design are provided by quantitative and qualitative dependability analysis (FHA, FMEA, FMEDA, or CFT-based FTA). The DPN approach evaluates the fulfillment of individual target requirements and performs trade-offs between analysis objectives. We present the workflow and meta-model of the DPN approach, and illustrate our approach using a case study on a brake warning contact system. Hence, we demonstrate how the model-based DPNs improve system dependability by selecting the project crucial dependable design alternatives or measures.

    Needs and challenges for assessing the environmental impacts of engineered nanomaterials (ENMs).

    The potential environmental impact of nanomaterials is a critical concern and the ability to assess these potential impacts is top priority for the progress of sustainable nanotechnology. Risk assessment tools are needed to enable decision makers to rapidly assess the potential risks that may be imposed by engineered nanomaterials (ENMs), particularly when confronted by the reality of limited hazard or exposure data. In this review, we examine a range of available risk assessment frameworks considering the contexts in which different stakeholders may need to assess the potential environmental impacts of ENMs. Assessment frameworks and tools that are suitable for the different decision analysis scenarios are then identified. In addition, we identify the gaps that currently exist between the needs of decision makers, for a range of decision scenarios, and the abilities of present frameworks and tools to meet those needs.

    A Changing Landscape: On Safety & Open Source in Automated and Connected Driving
