Top PDF: Towards Safety and Security Co-engineering


Towards Safety and Security Co-engineering: Challenging Aspects for a Consistent Intertwining

1 Introduction

Safety and security are topics often referred to in the literature as major concerns to be addressed in systems engineering. Along with the difficulties found in the practice of safety and security in their usual standalone mode, research and industry must also face new challenges arising from the need for a common practice. This need does not merely stem from an optimization of resources; it is essentially generated by the emergence, or evolution, of application domains that are identified as both safety- and security-critical. Indeed, the observed dependencies between safety and security aspects in different use cases, the potential conflicts between proposed solutions, the variety of development and analysis methods, and the growing number of demands to improve systems' trustworthiness lead to a singular set of problems. Structuring these aspects for a seamless co-engineering process is a vast, complex and thus very tough task. This short paper aims to describe, in a non-exhaustive manner, some aspects to move forward, to highlight identified issues and perspectives for solutions, and, finally, to address some questions that may enrich the ongoing discussions. In particular, it aims to raise attention to the need for a common practice of safety and security via the consistent integration of known techniques.

VESSEDIA: Verification Engineering of Safety and Security Critical Industrial Applications Context of the project

Context of the project

As shown by the growing number of vulnerabilities discovered in the code of many connected devices, as well as the emergence of high-level attacks exploiting those vulnerabilities, it is crucial to provide effective means to detect and fix as many such security holes as possible. While security concerns must be addressed at every single step of a system's lifecycle, from its early design to its everyday use and maintenance, the VESSEDIA project (https://www.vessedia.eu) proposes to focus on two extremely sensitive phases, namely system modeling and software development. VESSEDIA started at the beginning of 2017 for a planned duration of 3 years, and is funded by the European Union's Horizon 2020 Programme under grant number 731453. It is coordinated by Austria's Technikon, with France's CEA Tech List acting as technical coordinator. All in all, the project gathers 10 partners from 7 countries ranging from Finland to Spain:

SAFETY? SECURITY/ TWO CULTURES? REARTICULATING SAFETY AND SECURITY CULTURES IN CRITICAL INFRASTRUCTURES THROUGH THE LENS OF CO-PRODUCTION.

In order to prevent and mitigate the risks confronting them, these infrastructures have over time developed measures to increase first and foremost their [r]


Rearticulating Return of experience: Towards a participatory and flexible REX Information Infrastructure for safety and security management

Colin Glesner, Université de Liège, Belgian Nuclear Research Center SCK-CEN

Our technological cultures are increasingly confronted with natural catastrophes, industrial disasters, intentional unlawful acts, or a combination of these elements. Information infrastructures dedicated to post-crisis management are key elements for coping with these new risks and the challenges and threats they pose. A system called REX (for return of experience) aims, in principle, on the one hand at engaging users (crisis actors) through "collective learning processes" and, on the other hand, at drawing lessons from previous crises and preparing for future ones. Such information infrastructures have been institutionalized and systematized in various high-risk industries (e.g. the aviation industry, hospitals, nuclear research) as well as at the national scale for safety- and security-related crises, in order to increase reflective practices and stimulate a learning process. In Belgium, as elsewhere, several crisis management actors regularly call for the establishment of such an information infrastructure. But how can this system be implemented and "made to work"?

Which Security Requirements Engineering Methodology Should I Choose?: Towards a Requirements Engineering-based Evaluation Approach

process as discussed in the international standard IEEE 1233 [14]. Nhlabatsi et al. [15] proposed a comparative study of security requirements engineering approaches in order to evaluate the extent to which they can support the evolution of secure software during the change management process. Accordingly, their criteria address different perspectives such as modularization, component architectures, change propagation and change impact analysis. Mead et al. [16], in contrast to the above works, provided a comparative analysis of requirements elicitation techniques based on criteria such as learnability, client acceptance, durability of the elicitation technique, tool support, etc. In addition, this work highlighted the variability of criteria attributes with regard to the requirements engineering methodologies considered in general.

Moving towards software-defined security in the era of NFV and SDN

2. Active verification: SFC Path Tracer [65] is a tool for troubleshooting SFC. Initially, the controller artificially injects a probe packet at the chain input to generate the trace. The probe packet is flagged using the two bits of the Explicit Congestion Notification (ECN) field in the IP header [195]. Once the probe packet traverses a network element in the target chain (i.e., when it leaves a forwarder switch towards its next hop), it is mirrored to the trace tool to discover which forwarder handled the packet. SDNsec [205] and REV [247] are two other active verification mechanisms, in which each switch along the forwarding path computes a Message Authentication Code (MAC) and attaches it as a tag to each packet. In SDNsec, the MAC is computed with a key shared between the controller and the corresponding switches on the path. The controller can instruct any switch to provide feedback and thus inspect the path that was taken by analyzing the tag. Similarly to SDNsec, REV relies on the same idea of using a symmetric key to compute the MAC. At the end, the destination switch uses a public/private key pair to generate a signature, attaches it to a verification report and sends it back to the controller for further examination. One problem of REV is that it comes at the cost of complicated key management and a high per-packet overhead, because it is built on the RSA primitive. Although SDNsec attempts to reduce the key-management cost by relaxing the security property to use only a symmetric key for MAC computation (i.e., 128-bit AES), it still incurs engineering complexity to modify and eventually add specific forwarding information (such as a forwarding entry field, path validation field, egress switch ID, flow ID, etc.) to the packet header fields.
The same complexity issue also occurs in SFC Path Tracer, since it requires setting ECN bits in the IP header to trigger OpenFlow rules and installing the related trace rules in switch tables, e.g. instructing the switches to copy mirrored packets to the trace tool. It is worth noting that this approach generates heavy traffic overhead between the controller and switches.

Development of performance-based codes, performance criteria and fire safety engineering methods

deterministic and probabilistic criteria is presented, and the details of these criteria can be found in Hadjisophocleous and Benichou [24]. The different deterministic criteria are summarized in Table 1 below, which presents the lower and upper limits of various criteria currently used for design and in computer models. However, there are still many arguments as to the exact values that should be used. In addition, the criteria are, in some instances, different from one source to another. The differences can, however, be attributed to the fact that some address general types of occupancies and some address only a specific type of occupancy. Further, the range of variance of proposed values varies according to the performance criteria being established. For instance, levels of O2 and CO (life safety) do not vary considerably from one occupancy to another, because the levels of untenable conditions are within the same range for most occupants. Stringent values of untenable conditions may correspond to occupant unfamiliarity, physical and mental condition and age. Glass breakage temperature levels, on the other hand, can vary significantly depending on the type of glass used. Furthermore, when establishing criteria, the values depend on the use of the occupancy and the categorization of the occupancy and occupants. For example, the evacuation time allowed in a hotel should be higher than the evacuation time allowed in an office building, since, in the former, the occupants would not be familiar with the building, while occupants in the latter are not only familiar with the building but may also have regular egress drills.

Retooling : agricultural health and food safety for improved food and nutrition security, investment and trade

Towards the development of a sustainable coordination framework, three main actions were conducted at the national and regional levels. The understanding of the international standard setting process as well as advocating for SPS issues impacting trade and economic development in the Caribbean are crucial and necessary aspects of managing and coordinating national and regional SPS systems. Support was provided for CARIFORUM nationals to attend international SPS meetings (IPPC, OIE, CODEX, SPS).


Bringing symmetry between and within safety and security cultures in high-risk organizations

study of safety and security cultures, co-production and ANT approaches present some limitations, and jointly applying them poses some challenges that deserve to be discussed. As stated above, co-production remains an idiom, an invitation to think about the mutual shaping of scientific and technological elements with societal ones. It remains relatively vague concerning the status of scientific, technological and societal elements. Are technologies and science part of society? Can we analyze technology, science and society symmetrically, by mobilizing the same vocabulary? These questions are often left unanswered by scholars who deploy the co-production idiom. In that respect, ANT proves useful, as it provides heuristics to identify and explore patterns of co-production within a heterogeneous actor-network. However, the network only exists through the interactions and relations within it, which raises the question whether anything exists outside or beyond what the ANT researcher has identified, i.e., the categories s/he is able to trace. There are no 'larger' structural forces which constrain or enable the networks under examination. The main issue for ANT researchers is then to decide the bounds of investigation, be they historical, temporal or spatial, as well as which dimensions of the world are to be taken into consideration. This places a lot of weight on the researcher; it also suggests that important features could escape unnoticed. To give an example, in the case of safety and security cultures, the IAEA guidelines and other international and national regulations may be understood as interconnected actors within the network. However, they could also easily be missed by the researcher if she confines herself to staying within one part of the network, e.g. by focusing only on the interactions within the site of an organization's enclosure.

Probabilistic Event Graph to Model Safety and Security for Diagnosis Purposes

purposes and therefore lack essential features considered in this paper, such as real-time monitoring or alert instantiation, towards achieving this objective. According to [8], diagnosis can be divided into three sub-problems: detecting the problem, locating it and determining its scope. Detecting the problem means having the knowledge that a safety or security incident is happening. Locating the problem is knowing which components are at fault or are the targets of an attack. Determining its scope is being able to identify the affected subsystems. In a nutshell, it means explaining what is happening. In order to do so, a model of what can happen is required. Risk analysis models based on fault and attack trees are suited for that. Then, mapping the ongoing situation onto the model allows for finding the roots of the problem or generating hypotheses on the evolution of the problem, such as the objective of an attacker or the next components to fail. Sometimes, though, the ongoing situation might not completely fit the model. Therefore, a measure of the deviation of the incident from the model should be provided. Being able to reason beyond the scope of the system is an important part of diagnosis and is what we provide with our model.

Embracing tensions : Dealing with safety and security in High-risk organizations

Abstract

High-risk organizations worldwide have to cope with a rising number of risks and threats, from natural hazard risks (due to global warming, for example) to intentional and malevolent threats (such as terrorist attacks, cyber-crime, insider threats). In order to do so, they have developed over time departments dedicated to prevention and protection at work. These departments were first oriented towards protection against unintentional hazards and, more recently, against intentional and malevolent threats. Such departments perform advisory, controlling, sensitizing and executive tasks in the field of safety and security within the organization.

Safety, Reliability and Security of Industrial Computer Systems

Several years of research and experience have also shown that safety is a property of the whole system rather than of its components. Hence, the research focus is moving from an attention to the properties of the single system components to a more holistic approach that considers the dependability properties of the system as a whole. Hardware, software and humans co-operating in a system have to be considered together when designing, developing or evaluating a system. Only a holistic approach, one that considers the system components in an integrated way, will catch the complex interactions and the strong inter-dependencies between them, and will ensure the correct interactions, the right allocation of functions and the ability to support each other and to tolerate each other's typical weaknesses. These two trends are reflected by the papers selected for this special issue. The papers deal mainly with the safety analysis of systems or suggest methods and techniques for fault avoidance at the system level and for system validation.

Towards Security Software Engineering the Smart Grid as a System of Systems

3) Confidentiality: Attacks intend to acquire unauthorized information from network resources in the SG. The attackers eavesdrop on communication channels to acquire information such as a customer's account number or personal profiles of customers, which can be used to detect whether people use specific facilities. Such abuses may allow a malicious person to know whether or not you are at home, to know your working hours, or whether you are away on vacation. The thief could then visit your home without fear of being caught! These attacks have a low impact on the functionality of the SG, but a very high impact on customer privacy [1], and social concerns have received more and more attention in recent years. Examples include wiretappers and traffic analyzers [16]. These issues may be addressed [15] by anonymous communication technologies. However, to effectively implement these anonymisation mechanisms, it is first necessary to have clearly identified the information to be protected, the inferences to be avoided, and the computations to perform on such anonymised data. Moreover, these technologies may cause overhead or delay issues. In addition, network traffic camouflage techniques could be considered to hide critical entities (e.g. database, control center) in the grid.

Which Security Requirements Engineering Methodology Should I Choose?: Towards a Requirements Engineering-based Evaluation Approach

elicitation (e.g., feasible) and evaluation (e.g., consistency), documentation (e.g., traceable) as well as the stakeholders' perspectives (e.g., comprehensibility).

Figure 2: Sample of our SRE Requirements Elicitation Tool

We used this list of quality criteria (Figure 2) to initiate our discussion in meetings/interviews during the elicitation phase. Subsequently, we gathered requirements goals from security requirements experts, risk analysts and security assessors. These persons are the stakeholders who intend to use the SRE-methodology-to-be in their context, which is deriving aircraft network security requirements. This step solely focuses on conveying the true meaning of the characteristic definitions and collecting various perspectives from the stakeholders to find any missing aspects. This activity is known as "agree upon the anticipated features" in the conventional RE process. It also corresponds to the first procedural step, "agree on definitions", of the SQUARE SRE methodology [1].

Towards a new vision of Information System Engineering

Figure 1: Modeling process: a support of company management system and management information system

The second is that a design method for a digital information system is a regular process in which design can be broken down into a series of coherent steps; the completion of one is not the starting point of the next, but the process is iterative and incremental. It must help identify the players involved in the development process, their roles and skills, and help them understand the problem and gather together all the data, the information and the knowledge [1]. The third is that of a problem analysis model which provides a description of the problem. The aim of this analysis model is to define and give specifications of the problem at a very high level of abstraction, independently of the implementation of the digital information system. The fourth, an ergonomic or interface approach, considers the digital information system in terms of use. At this level the application is described through the interface and the cooperation between the system and the user.

Co-engineering participatory modelling processes for water planning and management

HAL Id: tel-02591084
https://hal.inrae.fr/tel-02591084
Submitted on 15 May 2020

HAL is a multi-disciplinary open access archive for the deposit and dissemination of scientific research documents, whether they are published or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers.


Towards Augmented Learning in Science and Engineering in Higher Education

Composite Materials [9] and Traité de la réalité virtuelle [10]. These documents have been selected because they gather entire scientific communities in their authorship, have undergone a rigorous publishing process and are recognized publications in their respective domains. We will be examining both the textual and the visual contents of these works using artificial neural networks and hybrid classification processes combining probabilistic and linguistic approaches, in order to establish a coherent core-periphery model for the classification of the contents [11]. The results of this process will be verified through the elicitation of key concepts by domain experts. The resulting models will be used to create domain ontologies using Protégé OWL, optimized to reflect the course requirements of postgraduate engineering students. Once the model is established, external knowledge sources, including the aforementioned online encyclopedic knowledge bases, can be integrated to complete the knowledge environment and establish uncharted links. This information will be

Towards an unified experimentation framework for protocol engineering

Figure 2. UEF components

an arbitrary complexity to be implemented, the EChannel behavior results from the composition of Experimentation Nodes (ENodes). An example of an EChannel that models a satellite link is provided in Figure 3. Each ENode is an active component that offers the necessary ports to achieve the internal communication (pOut and pIn). The nodes are individually parameterized using the pConf port. The pSpy port may be used to give information about the traffic being processed to an external management module. The InputTap is a special ENode intended to capture the traffic coming from the SuT and to prepare it to be processed by the set of EChannel components (e.g., it adds useful fields such as capture timestamps, length, etc.). At the end of the EChannel, the OutputTap gets rid of all these working fields, thus providing the necessary transparency to the experiment traffic.

Model-Driven Engineering for Trusted Embedded Systems based on Security and Dependability Patterns

Define needs in terms of properties and/or keywords, Search for patterns in the repository, Select the appropriate pattern from those proposed by the repository, Import the selection int[r]