Abstract

Preserving information integrity represent an urgent need for safety critical systems, where depending on incorrect or inconsistent information may leads to disasters. Typically, information integrity is a problem handled at technical level (e.g., checksumming). However, information integrity has to be analyzed in the social-technical context of the system, since information integrity related problems might manifest themselves in the business processes and actors interactions. In this paper, we propose an extended version of i*/ secure Tropos modeling languages to capture information integrity requirements. We illustrate the Datalog formalization of the proposed concepts and analysis techniques to support the analyst in the verification of integrity related properties. Air Traffic Management (ATM) case study is used throughout the paper. Document type: Part of book or chapter of book

Abstract

This paper describes a method aiming to support the design of interactive-safety critical systems. The method proposes an original integration of approaches usually considered separately, such as task modelling and distributed cognition. The basic idea is that analysing task performance requires a clear understanding of the information needed to accomplish the task and how to derive such information from both internal cognitive representations and external representations provided by various types of artefacts. We also report on a first application of the method to a case study in the Air Traffic Control (ATC) domain. Document type: Part of book or chapter of book

Abstract

Cyber-attacks can have a devastating impact on safety-critical systems. The increasing reliance on mass market Commercial Off-The Shelf (COTS) infrastructures, including Linux and the IP stack, have created vulnerabilities in applications ranging from Air Traffic Management through to Railway signalling and Maritime surveillance. Once a system has been attacked, it is impossible to demonstrate that malware has been completely eradicated from a safety-related network. For instance, recent generations of malware use zero day exploits and process injection with command and control server architectures to circumvent existing firewalls and monitoring software. This creates enormous problems for regulators who must determine whether or not it is acceptably safe to resume operations. It is, therefore, important that we learn as much as possible from previous cyber-attacks without disclosing information that might encourage future attacks. This chapter describes different architectures for encouraging the exchange of lessons learned from security incidents in safety-critical applications. Document type: Part of book or chapter of book