Pervasive computing makes high demands on security: devices are seriously resource-restricted, communication takes place spontaneously, and adversaries might control some of the devices. We claim that 1.) today’s research, studying traditional security properties for pervasive computing, leads to inefficient, expensive, and unnecessary strong and unwanted security solutions. Instead, security s...

Traditionally, safety and security have been treated as separate disciplines, but this position is increasingly becoming untenable and stakeholders are beginning to argue that if it’s not secure, it’s not safe. In this paper we present some of the work we have been doing on “security-informed safety”. Our approach is based on the use of structured safety cases and we discuss the impact that sec...

Safety and security are different but closely related concepts. Security is especially relevant in domains like finance, and safety is especially relevant in domains like healthcare and aviation. We review some of the safety problems besetting healthcare IT systems, and we show that some problems are technically open to improvement. Given that there are almost-free technologies (e.g., as part r...

The ever increasing complexity of automotive vehicular systems, their connection to external networks, to the internet of things as well as their greater internal networking opens doors to hacking and malicious attacks. Security and privacy risks in modern automotive vehicular systems are well publicized by now. That violation of security could lead to safety violations – is a well-argued and a...

Background and Goal: ICT development in recent years has created excellent developments in human social and economic life. One of the most important opportunities to use information technology is in the medical field, that the result would be electronic health record (EHR).The purpose of this research is to investigate the effects information securi...

A growing threat to the cyber-security of embedded safety-critical systems calls for a new look at the development methods for such systems. One alternative to address security and safety concerns jointly is to use the perspective of modeling using system theory. Systems-Theoretic Process Analysis (STPA) is a new hazard analysis technique based on an accident causality model. NIST SP 800-30 is ...

upstream oil and gas operations could have adverse impacts on the environment and society as well as the safety, security and health of people. therefore, as a pre-condition to commence any oil and gas project, there must be a comprehensive eshia report, prepared and submitted by contractor to doe, in which all necessary precautions and a concrete program are considered to avoid, control or red...

In this paper, formal verification methodologies and the SPR (Safety Problem Resolver) model checking tool are used for verifying a security model’s safety. The SPR tool makes it possible to analyze security issues on security systems based on the access control model. To illustrate this approach, a case study of the Simple Access Control Model (SACM) is used and specific safety problems of the...