Associate Professor of computer science at KTH
Safety-security co-engineering (a formal outlook)
Safety-critical control systems are becoming increasingly open and interconnected. While this offers greater flexibility and the possibility of providing richer functionality, the increased openness also introduces security threats. Security vulnerabilities can be exploited to undermine safety, e.g., by tampering with sensor data or hijacking the controlling functions. Though it is clear that safety and security requirements are interdependent, there is still a lack of techniques that enable their integrated analysis. We have developed an approach that allows designers to derive and formalise safety and security requirements in a structured, systematic way. To elicit both types of requirements, we adapt and integrate traditional safety and security analysis techniques. We rely on a correct-by-construction approach to formally specify and verify complex system behaviour in the presence of both accidental and malicious faults. The proposed approach enables a holistic treatment of safety and security aspects.