14,986 research outputs found

    An Assurance Framework for Independent Co-assurance of Safety and Security

    Integrated safety and security assurance for complex systems is difficult for many technical and socio-technical reasons such as mismatched processes, inadequate information, differing use of language and philosophies, etc. Many co-assurance techniques rely on disregarding some of these challenges in order to present a unified methodology. Even with this simplification, no methodology has been widely adopted primarily because this approach is unrealistic when met with the complexity of real-world system development. This paper presents an alternate approach by providing a Safety-Security Assurance Framework (SSAF) based on a core set of assurance principles. This is done so that safety and security can be co-assured independently, as opposed to unified co-assurance which has been shown to have significant drawbacks. This also allows for separate processes and expertise from practitioners in each domain. With this structure, the focus is shifted from simplified unification to integration through exchanging the correct information at the right time using synchronisation activities.

    Medical Cyber-Physical Systems Development: A Forensics-Driven Approach

    The synthesis of technology and the medical industry has partly contributed to the increasing interest in Medical Cyber-Physical Systems (MCPS). While these systems provide benefits to patients and professionals, they also introduce new attack vectors for malicious actors (e.g. financially and/or criminally motivated actors). A successful breach involving a MCPS can impact patient data and system availability. The complexity and operating requirements of a MCPS complicate digital investigations. Coupling this information with the potentially vast amounts of information that a MCPS produces and/or has access to is generating discussions on not only how to compromise these systems but, more importantly, how to investigate these systems. The paper proposes the integration of forensics principles and concepts into the design and development of a MCPS to strengthen an organization's investigative posture. The framework sets the foundation for future research in the refinement of specific solutions for MCPS investigations. Comment: This is the pre-print version of a paper presented at the 2nd International Workshop on Security, Privacy, and Trustworthiness in Medical Cyber-Physical Systems (MedSPT 2017).

    Hazard Contribution Modes of Machine Learning Components

    Amongst the essential steps to be taken towards developing and deploying safe systems with embedded learning-enabled components (LECs), i.e., software components that use machine learning (ML), are to analyze and understand the contribution of the constituent LECs to safety, and to assure that those contributions have been appropriately managed. This paper addresses both steps by, first, introducing the notion of hazard contribution modes (HCMs), a categorization of the ways in which the ML elements of LECs can contribute to hazardous system states; and, second, describing how argumentation patterns can capture the reasoning that can be used to assure HCM mitigation. Our framework is generic in the sense that the categories of HCMs developed i) can admit different learning schemes, i.e., supervised, unsupervised, and reinforcement learning, and ii) are not dependent on the type of system in which the LECs are embedded, i.e., both cyber and cyber-physical systems. One of the goals of this work is to serve as a starting point for systematizing L analysis towards eventually automating it in a tool.

    Insecure

    New Challenges in Critical Infrastructures : A US Perspective

    The emergence of a broader spectrum of vulnerabilities (terrorism, sabotage, local conflicts and natural disasters) and the growing interdependence of economic activity make the major vital networks of industrialized countries particularly vulnerable. To address this, significant actions must be carried out at a national scale, in particular through the development of close partnerships between the public sector and the private sphere. This article analyzes the presidential initiative launched as early as 1996 in the United States (the first country in the world to put these questions on the agenda of the highest decision-making level) as well as the national structure of partnerships put in place since then. Such an approach could constitute a starting point for other countries wishing to develop their own vulnerability analysis and improvement strategy. The events of September 11, 2001, like the anthrax attacks, nevertheless showed that the American advances were only a first step in a more global process of national preparedness; the critical infrastructures of the United States remain highly vulnerable. Finally, several misconceptions, which recur all too often, must be overcome in order to deal much more effectively with these large-scale risks at an international level. Keywords: Public-private partnerships; Large-scale risks; Critical infrastructures; New vulnerabilities; National security; Collective preparedness