An Assurance Framework for Independent Co-assurance of Safety and Security

Authors

  • Nikita Johnson University of York, U.K.
  • Tim Kelly University of York, U.K.

DOI:

https://doi.org/10.56094/jss.v54i3.62

Keywords:

safety, security, SSAF, STPA, socio-technical

Abstract

Integrated safety and security assurance for complex systems is difficult for many technical and socio-technical reasons, such as mismatched processes, inadequate information, differing use of language and philosophies, etc. Many co-assurance techniques rely on disregarding some of these challenges to present a unified methodology. Even with this simplification, no methodology has been widely adopted, primarily because this approach is unrealistic when met with the complexity of real-world system development.

This paper presents an alternative approach by providing a Safety-Security Assurance Framework (SSAF) based on a core set of assurance principles. This is done so that safety and security can be co-assured independently, as opposed to a unified co-assurance, which has been shown to have significant drawbacks. This also allows for separate processes and expertise from practitioners in each domain. In this structure, the focus is shifted from simplified unification to integration through exchanging the correct information at the right time using synchronization activities.

Author Biographies

Nikita Johnson, University of York, U.K.

Nikita Johnson is a Ph.D. student in the High Integrity System Engineering research group at the University of York, U.K. She has a background in computer science and artificial intelligence, and has worked on projects managing big data and risk reduction for IBM and Lloyds Banking Group. She is currently working with BAE Systems on a project to develop a safety-security assurance framework for complex systems, such as unmanned aircraft systems.

Tim Kelly, University of York, U.K.

Dr. Kelly is a Senior Lecturer within the Department of Computer Science at the University of York. He is also Deputy Director of the Rolls-Royce Systems and Software Engineering University Technology Centre funded at York. He is perhaps best known for his work on safety case development, particularly on refining and extending the Goal Structuring Notation (GSN).

Published

2018-12-01

How to Cite

Johnson, N., & Kelly, T. (2018). An Assurance Framework for Independent Co-assurance of Safety and Security. Journal of System Safety, 54(3), 32–38. https://doi.org/10.56094/jss.v54i3.62