Conference paper Open Access

# Security-Informed Safety Case Approach to Analysing MILS Systems

Netkachova, Kateryna; Müller, Kevin; Paulitsch, Michael; Bloomfield, Robin

### DataCite XML Export

<?xml version='1.0' encoding='utf-8'?>
<identifier identifierType="DOI">10.5281/zenodo.47987</identifier>
<creators>
<creator>
<creatorName>Netkachova, Kateryna</creatorName>
<givenName>Kateryna</givenName>
<familyName>Netkachova</familyName>
<affiliation>City University London</affiliation>
</creator>
<creator>
<creatorName>Müller, Kevin</creatorName>
<givenName>Kevin</givenName>
<familyName>Müller</familyName>
<affiliation>Airbus Group Innovations</affiliation>
</creator>
<creator>
<creatorName>Paulitsch, Michael</creatorName>
<givenName>Michael</givenName>
<familyName>Paulitsch</familyName>
<affiliation>Thales Austria GmbH</affiliation>
</creator>
<creator>
<creatorName>Bloomfield, Robin</creatorName>
<givenName>Robin</givenName>
<familyName>Bloomfield</familyName>
<affiliation>City University London</affiliation>
</creator>
</creators>
<titles>
<title>Security-Informed Safety Case Approach to Analysing MILS Systems</title>
</titles>
<publisher>Zenodo</publisher>
<publicationYear>2015</publicationYear>
<subjects>
<subject>Security-informed safety case</subject>
<subject>MILS</subject>
<subject>security gateway</subject>
<subject>layers of assurance</subject>
</subjects>
<dates>
<date dateType="Issued">2015-01-20</date>
</dates>
<resourceType resourceTypeGeneral="Text">Conference paper</resourceType>
<alternateIdentifiers>
<alternateIdentifier alternateIdentifierType="url">https://zenodo.org/record/47987</alternateIdentifier>
</alternateIdentifiers>
<relatedIdentifiers>
<relatedIdentifier relatedIdentifierType="URL" relationType="IsPartOf">https://zenodo.org/communities/mils</relatedIdentifier>
</relatedIdentifiers>
<rightsList>
<rights rightsURI="info:eu-repo/semantics/openAccess">Open Access</rights>
</rightsList>
<descriptions>
<description descriptionType="Abstract">&lt;p&gt;Safety cases are the development foundation for safety-critical systems and are often quite complex to understand depending on the size of the system and operational conditions. The recent advent of security aspects complicates the issues further. This paper describes an approach to analysing safety and security in a structured way and creating security-informed safety cases that provide justification of safety taking into particular consideration the impact of security. The paper includes an overview of the structured assurance case concept, a security-informed safety methodology and a layered approach to constructing cases. The approach is applied to a Security Gateway that is used to control data flow between security domains in a separation kernel based operating system in avionics environment. We show that a clear and structured way of presenting a safety case combining safety and security alleviates understanding important interactions taking into account the impact and, hence, increases safety.&lt;/p&gt;</description>
</descriptions>
</resource>

94
55
views