You are required to read and agree to the below before accessing a full-text version of an article in the IDE article repository.

The full-text document you are about to access is subject to national and international copyright laws. In most cases (but not necessarily all) the consequence is that personal use is allowed given that the copyright owner is duly acknowledged and respected. All other use (typically) require an explicit permission (often in writing) by the copyright owner.

For the reports in this repository we specifically note that

  • the use of articles under IEEE copyright is governed by the IEEE copyright policy (available at http://www.ieee.org/web/publications/rights/copyrightpolicy.html)
  • the use of articles under ACM copyright is governed by the ACM copyright policy (available at http://www.acm.org/pubs/copyright_policy/)
  • technical reports and other articles issued by M‰lardalen University is free for personal use. For other use, the explicit consent of the authors is required
  • in other cases, please contact the copyright owner for detailed information

By accepting I agree to acknowledge and respect the rights of the copyright owner of the document I am about to access.

If you are in doubt, feel free to contact webmaster@ide.mdh.se

Inadequate Risk Analysis Might Jeopardize The Functional Safety of Modern Systems

Fulltext:


Publication Type:

Article, research overeview


Abstract

In the early 90s, researchers began to focus on security as an important property to address in combination with safety. Over the years, researchers have proposed approaches to harmonize activities within the safety and security disciplines. Despite the academic efforts to identify interdependencies and to propose combined approaches for safety and security, there is still a lack of integration between safety and security practices in the industrial context, as they have separate standards and independent processes often addressed and assessed by different organizational teams and authorities. Specifically, security concerns are generally not covered in any detail in safety standards potentially resulting in successfully safety-certified systems that still are open for security threats from e.g., malicious intents from internal and external personnel and hackers that may jeopardize safety. In recent years security has again received an increasing attention of being an important issue also in safety assurance, as the open interconnected nature of emerging systems makes them susceptible to security threats at a much higher degree than existing more confined products.This article presents initial ideas on how to extend safety work to include aspects of security during the context establishment and initial risk assessment procedures. The ambition of our proposal is to improve safety and increase efficiency and effectiveness of the safety work within the frames of the current safety standards, i.e., raised security awareness in compliance with the current safety standards. We believe that our proposal is useful to raise the security awareness in industrial contexts, although it is not a complete harmonization of safety and security disciplines, as it merely provides applicable guidance to increase security awareness in a safety context.

Bibtex

@article{Hanninen4623,
author = {Kaj H{\"a}nninen and Hans Hansson and Henrik Thane and Mehrdad Saadatmand},
title = {Inadequate Risk Analysis Might Jeopardize The Functional Safety of Modern Systems},
month = {March},
year = {2016},
url = {http://www.es.mdh.se/publications/4623-}
}