Notes - MCS
Robust Software
Safety (and Security)

Safety

A sensor that detects smoke and triggers the activation of a water sprinkler system inside a building.

An enclosure placed around a socket to protect users against accidental contact with live electrical parts.

Train doors automatically close and remain closed during the length of the trip.

These are just a few examples of safety measures used in and around electrical devices.

Safety is commonly defined as the freedom from unacceptable risk of physical injury.

Safety-critical industries are governed by international standards that provide extra assurance about the safety level of systems by making safety an integral aspect of devices and systems, thereby protecting people, critical infrastructure, economies, and the environment.

These standards can address aspects of safety that apply to many products or specifically address a single product type or industry.

Three clear examples of industries that rely on safety:

  • Automotive:

    • ISO 26262, "Road vehicles – Functional safety".

  • Aeronautics:

    • DO-178C, “Software Considerations in Airborne Systems and Equipment Certification”.

  • Railway:

    • CENELEC EN 50128, “Railway applications - Communication, signaling and processing systems - Software for railway control and protection systems”.

    • CENELEC EN 50657.

How to ensure safety?

Safety is "ensured" by strict rules, specific analyses, and certification/qualification of systems.

We need to be in control, so a set of clear processes must be planned and applied:

  • Lifecycle activities (as for Security).

  • Assessments and Analysis (as for Security).

  • Training or proven experience.

  • System/Environment knowledge.

  • Risk/Hazards Analysis.

  • System and Safety Requirements.

  • Follow up on development (traceability).

  • Verify and Validate.

  • Build and maintain a Safety Dossier (Safety Case).

  • Support external Independent Assessors…
