Safety in the era of connectivity: analyses of the interplay between safety and security attributes

Dependability and security attributes have been discussed in pioneering papers such as the one presented by Avizienis, Laprie, Randell, and Landwehr entitled “basic concepts and taxonomy of dependable and secure computing”. Safety is one of these attributes that has been well-studied in the past few decades, especially when analysing the impact of hardware and software faults on safety-critical systems.

In the past few years however, and as a result of the increase in complexity and connectivity of safety-critical systems, cybersecurity attacks have gained significant attention. These attacks could apart from violating security requirements, jeopardize system safety. Therefore, it is of great importance to study and analyse the impact of cybersecurity attacks on safety and other dependability attributes. This line of research has been done under interplay analysis between safety and security attributes, also sometimes referred to as safety and security co-engineering.

In this lecture, I will present some of my findings when studying the interplay between safety and security attributes. These findings are obtained as a result of the work I have done on (i) build-up of simulation-based attack injection tools to measure the safety implications of cybersecurity attacks, (ii) design of combined safety and security frameworks to evaluate safety hazards alongside security threats in computer systems, and (iii) analysis of the impact of cybersecurity mechanisms on dependability and security attributes.

The results presented in this lecture are obtained through joint work with my colleagues at RISE Research Institutes of Sweden and other industrial and academic researchers that I have had the pleasure to collaborator with in the past years.

Bio

Behrooz is a researcher in the Dependable Transport Systems unit at RISE Research Institutes of Sweden. He received his Ph.D. in Computer Science (2017) from Chalmers University of Technology, where he worked in the Dependable Real-Time Systems research group from 2012 to 2017. He has served on many program committees for conferences and workshops in the area of dependable computing.

His current research interests include the use of fault and attack injection experiments for dependability and security assessment of computer systems as well as to conduct interplay analyses between non-functional requirements such as safety and security.

Behrooz is the coordinator of the ECSEL JU project VALU3S. He is also the co-organizer of VERDI 2023 and the workshop chair of EDCC 2024.