1

National Workshop on Aviation Software Systems:

Design for Certifiably Dependable Systems

Natasha Neogi

October 5-6, 2006

Arlington, VA

2

The Next Generation Air Transportation System

QuickTime™ and aCinepak decompressor

are needed to see this picture.

3

Security and Safety Issues

Security and Safety are highest priorities • Self-inflicted DOS or DOI not an option• Liveness (physical systems must obey

dynamic constraints) • Most access/authentication systems not

appropriate Diversity involves multiple technologies Integrity and Availability can be more important

than Confidentiality

Safety and Security Properties can lead to Competing Requirements

4

Sustainment & Retirement

Requirements Specification and Analysis

System Specification

Modelling:Components and Interfaces

Integration of Techniques

Simulation and Testing

Assessment and Measurements

Approach:•Build in Safety/ Security from system inception•Evaluate tradeoff between Safety and Security throughout the lifecycle•Can use tradeoff analysis to evaluate/distinguish between design alternatives

Safety and Security Tradeoffs

System Safety Process

Preliminary Hazard

Analysis

Monitor Residual Risk

Accident and Risk Models

Elimination, Mitigation,

Control

Certification

System Security Process

Preliminary Threat

Assessment

Certification

Monitor Vulnerability

Vulnerabilities

and Attack Models

Avoidance, Detection,Masking

5

Fundamental Research Questions

How do you quantify safety and security in a predictive manner?

What are the effects of other qualities on safety, security and their relationship• Capacity, Efficiency, Environmental etc.

Can we model/quantify tradeoffs for the relationship between safety and security?

6

Thank You!

QuickTime™ and aCinepak decompressor

are needed to see this picture.