
    How explicit are the barriers to failure in safety arguments?

    Safety cases embody arguments that demonstrate how the safety properties of a system are upheld. Such cases implicitly document the barriers that must exist between hazards and vulnerable components of a system. For safety certification, it is the analysis of these barriers that provides confidence in the safety of the system. The explicit representation of hazard barriers can provide additional insight for the design and evaluation of system safety. They can be identified in a hazard analysis to allow analysts to reflect on particular design choices. Barrier existence in a live system can be mapped to abstract barrier representations to provide both verification of barrier existence and a basis for quantitative measures between the predicted barrier behaviour and the performance of the actual barrier. This paper explores the first stage of this process, the binding between explicit mitigation arguments in hazard analysis and the barrier concept. Examples from the domains of computer-assisted detection in mammography and free route airspace feasibility are examined and the implications for system certification are considered.

    Does A Loss of Social Credibility Impact Robot Safety?

    This position paper discusses the safety-related functions performed by assistive robots and explores the relationship between trust and effective safety risk mitigation. We identify a measure of the robot’s social effectiveness, termed social credibility, and present a discussion of how social credibility may be gained and lost. This paper’s contribution is the identification of a link between social credibility and safety-related performance. Accordingly, we draw on analyses of existing systems to demonstrate how an assistive robot’s safety-critical functionality can be impaired by a loss of social credibility. In addition, we present a discussion of some of the consequences of prioritising either safety-related functionality or social engagement. We propose the identification of a mixed-criticality scheduling algorithm in order to maximise both safety-related performance and social engagement.

    Analyzing and Resolving Issues in Software Project Risk Management

    In the last decade the main reason for project failure has been poor management of software. Nowadays, however, most organizations are focusing on software project management to make projects successful. Software project management provides overall management of software from the project planning phase to project execution. In software project management we also deal with risks that may occur during the development of projects. In this paper we analyze risks during the management of software and we resolve issues that arise in software project risk management. We introduce some approaches by which we can resolve all the issues regarding software risk management. Risk management also suggests how we can avoid risks and, if risks occur, how we can control them. By analyzing software risk management, we come to know what factors affect risk management and how we can remove them. Software risk management manages all risks efficiently and makes our project successful.

    Human Risk Assessment and Mitigation Using Bow Tie Strategy

    Human reliability assessment (HRA) techniques are used to quantify human error probability in order to provide feedback on the overall performance and, most importantly, the safety of a system. Performing HRA involves various activities, including task analysis and conducting experiments, which have generally been found difficult, time-consuming and costly. In this project, the whole process is based on HRA methodology. For problem identification, a survey and interviews are conducted. A task analysis of the findings is then constructed, the causes of human error are identified using human HAZOP, and these are considered in a Fault Tree Analysis (FTA) while the controls are developed. An Event Tree Analysis is then developed based on the consequences of the human error, and the corresponding controls are developed as well. The analyses are then combined and a Bow-Tie analysis is developed.

    Prototyping Operational Autonomy for Space Traffic Management

    Current state of the art in Space Traffic Management (STM) relies on a handful of providers for surveillance and collision prediction, and manual coordination between operators. Neither is scalable to support the expected 10x increase in spacecraft population in less than 10 years, nor does it support automated maneuver planning. We present a software prototype of an STM architecture based on open Application Programming Interfaces (APIs), drawing on previous work by NASA to develop an architecture for low-altitude Unmanned Aerial System Traffic Management. The STM architecture is designed to provide structure to the interactions between spacecraft operators, various regulatory bodies, and service suppliers, while maintaining flexibility of these interactions and the ability for new market participants to enter easily. Autonomy is an indispensable part of the proposed architecture in enabling efficient data sharing, coordination between STM participants and safe flight operations. Examples of autonomy within STM include syncing multiple non-authoritative catalogs of resident space objects, or determining which spacecraft maneuvers when preventing impending conjunctions between multiple spacecraft. The STM prototype is based on a modern micro-service architecture adhering to OpenAPI standards and deployed in industry-standard Docker containers, facilitating easy communication between different participants or services. The system architecture is designed to facilitate adding and replacing services with minimal disruption. We have implemented some example participant services (e.g. a space situational awareness provider/SSA, a conjunction assessment supplier/CAS, an automated maneuver advisor/AMA) within the prototype.
Different services, with creative algorithms folded into them, can fulfil similar functional roles within the STM architecture by flexibly connecting to it using pre-defined APIs and data models, thereby lowering the barrier to entry of new players in the STM marketplace. We demonstrate the STM prototype on a multiple conjunction scenario with multiple maneuverable spacecraft, where an example CAS and AMA can recommend optimal maneuvers to the spacecraft operators, based on a predefined reward function. Such tools can intelligently search the space of potential collision avoidance maneuvers with varying parameters like lead time and propellant usage, optimize a customized reward function, and be implemented as a scheduling service within the STM architecture. The case study shows that autonomous maneuver planning is possible using the API-based framework. As satellite populations and predicted conjunctions increase, an STM architecture can facilitate seamless information exchange related to collision prediction and mitigation among various service applications on different platforms and servers. The availability of such an STM network also opens up new research topics on satellite maneuver planning, scheduling and negotiation across disjoint entities.

    Risk management and architecture design in securing cloud platforms: Case study of cloud models

    Utilization of cloud environments has become more relevant for different companies and industries and should be considered when building new projects and migrating services between service providers. As companies try to utilize cloud environments, knowledge about them may be lacking, so increasing that knowledge and introducing possible solutions is essential. Increasing knowledge about the different approaches possible in the cloud also allows different issues to be identified, and on the basis of such knowledge the discussion about the possibility of utilizing cloud environments can be improved. The use case for this study is the risk management and architecture design comparison of different cloud types and models, based on a case study. Based on these different cloud types and models, the security issues and countermeasures are also discussed in a way that these measures could help to control or mitigate issues before they happen. For finding feasible architecture designs, these measures are to be considered alongside the responsibilities for different cloud models, with the help of risk management. Risk management itself introduces risks and issues that are identified from the cases, and how to control them within the different cases is discussed. This thesis studies, through a literature review, the possible issues and risks associated with different cloud types and models. It also introduces a case study of three different cases that utilize these approaches and presents the issues and risks associated with those cases. For the identified issues and risks, relevant security methods and measures are also studied through a literature review and introduced for use in risk management and architecture design. Based on these reviews, a risk management exercise is conducted for the introduced cases, where issues and risks are presented together with the identification of a real-world use case.
Also, an architecture design is introduced that utilizes the identified risks, controls, and mitigation measures for protecting resources. Which different possibilities and components to consider depending on the case are also discussed, as not all risks can be mitigated with certain measures and would need more thought as to what cloud type and model to utilize. The thesis also discusses the three identified topics of risks, security measures and architecture, and identifies relevant information from them for consideration. The thesis discusses three different cases that were studied, showing how they differ from each other in the common field of risks, security measures and architecture design, as they utilize the cloud in different ways. The discussion introduces the results and a more detailed discussion of what was identified from these three main topics. The detailed discussion itself contains similarities and differences identified from the different cases and introduces further discussion based on those topics.

    A pattern-based development of secure business processes

    Every enterprise concerned with information security selects the security measures that suit it, in order to avoid unexpected events and accidents. The primary task of these security measures is to protect the enterprise's resources and assets. Accidents that take place in enterprises (minor or catastrophic) are in most cases similar in nature and caused by similar security risks. Many information security specialists have difficulty finding the right solution to specific problems, because the solutions to earlier similar problems are not properly documented. In this context, Security Patterns are useful, since they present proven solutions for specific problems. In this thesis we developed ten Security Risk-oriented Patterns (SRP) and defined how to use these patterns as countermeasures against security risks within business process models. By their nature, these patterns are independent of the modelling language. To simplify their application, the models are presented in graphical form in the Business Process Modelling Notation (BPMN). We demonstrate the usability of the Security Risk-oriented Patterns (SRP) on the example of the business models of two industrial enterprises. We present quantitative analyses of the application of the patterns and show how Security Risk-oriented Patterns (SRP) help to demonstrate the weak points of information security in business models, and we propose solutions to problems related to information security. The results of this research may encourage information security analysts to follow pattern-based approaches to protecting their enterprises, thereby also contributing to the protection of Information Systems (IS).

    Every security-concerned enterprise selects its own security measures in order to avoid unexpected events and accidents. The main objective of these security measures is to protect the enterprise’s own resources and assets from damage. Most of the time, the accidents or disasters that take place in an enterprise are similar in nature and are caused by similar kinds of vulnerabilities. However, many security analysts find it difficult to select the right security measure for a particular problem because the previous proven solutions are not properly documented. In this context, Security Patterns could be helpful since they present proven solutions that could potentially be reused in similar situations. In this thesis, we develop a set of ten Security Risk-oriented Patterns (SRP) and define how they could be used to define security countermeasures within business process models. In principle, the patterns are modelling-language-independent. To ease their application, we represent them in graphical form using the Business Process Modelling Notation (BPMN) modelling approach. We demonstrate the usability of the Security Risk-oriented Patterns (SRP) by applying them to two industrial business models. We present a quantitative analysis of their application. We show that Security Risk-oriented Patterns (SRP) help to determine security risks in business models and suggest a rationale for security solutions. The results of this research could potentially encourage security analysts to follow a pattern-based approach to developing secure business processes, thus contributing to secure Information Systems (IS).

    Long Operations’ Risk Assessment of an Airline Company

    Since the beginning of the aviation industry, commercial aviation has been facing exponential growth due to the huge demand for passenger and cargo transport. This overdevelopment was only possible thanks to the continuous improvement of safety levels over the decades. In this context, considering all the advantages of an integrated Safety Management System, along with the irregularity, in operational terms, of the airline operator euroAtlantic Airways (EAA), this work develops a feasibility study of the company's current model for assessing operational risks for its long-term operations. This dissertation consists of an implementation study of a long-term operations’ safety risk assessment matrix. For this purpose, all operational areas of the airline are essential in the first phase of this project for the identification of each sector’s hazards and respective mitigation measures. All listed hazards and consequent risks are then classified by likelihood and severity and encompassed in a risk assessment matrix. In a final stage, the matrix is uploaded to the company’s integrated Safety Management System in order to guarantee its feasibility. Three of the most demanding long-term operations of the last two years were then used as examples to analyse the matrix’s viability for the assessment of future operations. Finally, improvements to the company’s current risk assessment system are proposed in order to guarantee a better comprehension and analysis of future long-term operations’ risks and associated mitigations.

    Since the birth of the aeronautical industry, commercial aviation has undergone exponential growth due to the high demand for passenger and cargo transport. This development was only made possible by all the improvements in operational safety levels practised over the decades. In this context, considering all the advantages that come from an integrated Safety Management System and the irregularity, in operational terms, of the airline operator euroAtlantic Airways (EAA), this work develops a feasibility study of the company's current operational risk analysis model for its extended operations. This dissertation consists of an implementation study of an operational safety risk analysis matrix for continued operations. To this end, all operational areas of this airline are, in an initial phase of this project, essential in identifying the hazards and mitigation measures inherent to each of the sectors. All the listed hazards and their consequent risks are subsequently classified by likelihood and severity and aggregated in a risk analysis matrix. In a final stage, in order to guarantee the feasibility of the matrix, it was introduced into and evaluated through the company's integrated operational risk management system. Three of the company's largest extended operations of the last two years were used as examples to analyse the viability both of the matrix and of the company's future operations. Finally, improvements to the system currently implemented in the company are proposed in order to guarantee a better understanding and analysis of the risk and associated mitigations of the company's future extended operations.