
National Workshop on Aviation Software Systems: Design for Certifiably Dependable Systems
Natasha Neogi
October 5-6, 2006, Arlington, VA

The Next Generation Air Transportation System


Security and Safety Issues
§ Security and Safety are highest priorities
  • Self-inflicted DOS or DOI not an option
  • Liveness (physical systems must obey dynamic constraints)
  • Most access/authentication systems not appropriate
§ Diversity involves multiple technologies
§ Integrity and Availability can be more important than Confidentiality
Safety and Security Properties can lead to Competing Requirements

Safety and Security Tradeoffs
Approach:
  • Build in Safety/Security from system inception
  • Evaluate tradeoff between Safety and Security throughout the lifecycle
  • Can use tradeoff analysis to evaluate/distinguish between design alternatives
[Diagram: System Security Process and System Safety Process run in parallel through the lifecycle. Labels shown: Preliminary Threat Assessment; Vulnerabilities and Attack Models; Requirements Specification and Analysis; System Specification; Preliminary Hazard Analysis; Modelling: Components and Interfaces; Accident and Risk Models; Integration of Techniques; Avoidance, Detection, Masking; Certification Monitor; Vulnerability; Simulation and Testing; Assessment and Measurements; Sustainment & Retirement; Elimination, Mitigation, Control; Certification Monitor; Residual Risk]

Fundamental Research Questions
§ How do you quantify safety and security in a predictive manner?
§ What are the effects of other qualities on safety, security and their relationship?
  • Capacity, Efficiency, Environmental, etc.
§ Can we model/quantify tradeoffs for the relationship between safety and security?

Thank You!