How to efficiently and effectively bring safety and security into software and system development?
ICSSP 2018 is proud to present the panel “How to efficiently and effectively bring safety and security into software and system development?” moderated by Reda Bendraou. The panel will start on Saturday, May 26, 2018 at 15:45 (see program overview).
In a variety of application domains (e.g. avionics, telecommunications, transportation, automotive, energy industry), engineering methods and practices, engineering support tools, and architectural solutions are available to answer demanding safety or security requirements. Such methods, tools, and architectural solutions can be enforced by domain-specific standards and certification processes. However, in all domains, the demand for new capabilities and the technology opportunities for more integrated devices and more interconnected subsystems are challenging the established practices and architectural solutions. In particular, some systems, subsystems or equipment must now comply simultaneously with “Safety” and “Security” requirements and standards. This is especially true in a context where cars and aircraft no longer operate in isolation but are increasingly interconnected with external systems or terminals, opening the path for security intrusions.
Current software development methods often do not take into account the interaction between concerns such as safety and security at the early stages of software development efforts, resulting in the late detection of interactions between safety and security. This can lead to a redesign process using non-optimal solutions (patch approach) to fulfil the safety and security requirements. In some domains, security and safety issues (and especially the interaction between them) are not systematically taken into account due to economic and project timeline pressures. A lack of consensus on how security and safety requirements should be realized, and on what level is sufficient to provide cost-effective safety and security, is also noticeable.
While multiple concerns and their interdependencies should be taken into account in all steps of the development process, including critical concerns such as safety and security, they are mainly shaped during the early phases of development, i.e.
- Requirements Engineering
- System architecture/concept
- Top-level design
The panel aims to discuss all these different concerns, including but not limited to domain-specific standards and regulations regarding safety and security, best practices, trade-offs, lessons learned and, most of all, how to integrate those concerns efficiently into the development process. The panel will be conducted in a question-and-answer format to trigger the discussion.