Critical systems must be both safe from inadvertent harm and secure from malicious actors. However, safety and security practices have historically evolved in isolation. Safety-critical systems, such as aircraft and medical devices, have long been analyzed for problems that could arise accidentally or from component degradation. They have, however, been treated as standalone systems, assumed to be impervious to security issues because they had no networking capabilities. Security research, on the other hand, focused to a large extent on low-level issues (e.g., buffer overflows) and often did not make explicit connections to safety goals. There is a growing understanding that the safety and security communities are not well coordinated, and a growing recognition that this disconnect is harmful. In this blog post, we describe how research on safety and security engineering at the SEI is being applied to improve this coordination.
Modern critical systems, such as the CH-47F Chinook, TARDEC Autonomous Truck, and Little Bird, must be shown to be both safe and secure, but this is proving challenging as they are also increasingly complex. Indeed, the pace and scale of development of these systems makes the traditional safety and security analyses cost prohibitive. At the SEI, we are developing software and processes that use a system’s architecture as the starting point for assessing and improving safety and security.
Our work in this area is largely based on AADL, the internationally standardized Architecture Analysis and Design Language. Standardized under the auspices of SAE International, AADL is a modeling language that has been adopted throughout industry, particularly in the aeronautics sector, for modeling and analyzing embedded, computing-based cyber-physical systems. The SEI has been the primary driver behind the language for its entire 15-year existence.
Systems can, of course, be represented in myriad formats in addition to AADL, such as box-and-line diagrams on a whiteboard, Unified Modeling Language (UML) or Systems Modeling Language (SysML) diagrams, or a large list of requirements. Each of these formats has different
The post Integrating Safety and Security Engineering for Mission-Critical Systems appeared first on Carnegie Mellon University's Software Engineering Institute Blog.