Slide 1: A Data Focussed Approach to Mapping Security Issues to Safety Impacts
Dr Robert Oates
Private – Rolls-Royce Proprietary Information
Slide 2: Talk Overview
- Motivation
- Safety and Security Interactions and Constraints
- Integrated Development Processes
- Our solution
- Example Technologies
- Limitations and a call to arms!
Slide 3: Mobile Oil Drilling Platform
US Coastguard statement
Slide 4: Safety and Security - Risk
Diagram labels: Supplier, Legal Process, Quality escape, Corrective Action, Supplier, Supplier, End User, Legal Process
Slide 5: Safety and Security - Risk
Slide 6: A Note on Risk Driven Development
Identify Risks -> Analyse Risks -> Generate Risk Treatment Plan -> Mitigate (Define Mitigations as Requirements) / Avoid / Transfer / Accept -> Quality Process
Slide 7: Risk Driven Design Processes
Inputs:
i) Organisation -> What's our risk appetite?
ii) Functional Requirements -> What are we making?
Initial Design to Design Principles -> Technical Risk Assessment (informed by Threat Intelligence) -> Risk Treatment Plan -> Are risks acceptable?
- no -> Identify Mitigations -> Update Design (back to Technical Risk Assessment)
- yes -> Next phase
Slide 8: Safety and Security - Impact
Impacts of Cyber-Attack: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Escalation of Privilege
Causes of Incidents: Misinformation, Faulty Assumptions, Uncontrolled Change, Unqualified Personnel, Uncertainty
Slide 9: Integrated Development Processes
Ref: ED202A
Slide 10: Threat Risk Model
Slide 11: Threat Risk Model
Slide 12: Mapping Impact
For every data artefact: what happens if I lose the property of...
Properties for a cyber security assessment (Microsoft SDL): Confidentiality, Integrity, Availability, Non-repudiation, Authorisation, Authentication
Properties for a data safety assessment (SCSC): Integrity, Completeness, Consistency, Format, Accuracy, Resolution, Traceability, Timeliness, Verifiability, Availability, Fidelity / Representation, Priority, Disposability / Deletability, Sequencing, Intended Destination/Usage, Accessibility, Suppression, History, Lifetime
Slide 13: Impact Assessment Example
- Self Reproducing Banking Malware: Confidentiality, Availability
- Control Signal: Resolution
- US Coastguard statement: Integrity, Consistency, Accuracy, Sequencing, Timeliness, Availability, Fidelity / Representation
Slide 14: Trade-off Example (Cryptography)
Diagram labels: Intended destination/usage, Accessibility, Traceability, Disposability / Deletability, Suppression, Sequencing, Timeliness, Availability, Priority, Lifetime, Confidentiality, Integrity, Completeness, Consistency, Format, Accuracy, Resolution, Sequencing, Fidelity / Representation, History, Integrity, Availability, Authentication/Authorisation, Timeliness, Lifetime
Slide 15: Limitations
- Lack of validation of the bridge
- Data safety scalability
- No replacement for common sense
Slide 16: Conclusions
- Potentially useful for elucidating security requirements that conserve safety properties
  - Protecting key properties
  - Mitigations that don't erode key properties
- Help!
  - Data Safety Working Group
  - Security informed safety case working group
  - Review the bridge