Developing Secure and Safe Systems with Knowledge Acquisition for Automated Specification
Name
Mohammed AbuLamddi
Abstract
There are special techniques languages that are used in risk management in both domains of safety engineering and security engineering. The outputs, known as artifacts, of these techniques are separated from each other leading to several difficulties due to the fact that domains are independent and that there is no one unifying domain for the two. The problem is that safety engineers and security engineers work in separated teams from throughout the system development life cycle, which results in incomplete coverage of risks and threats.
The thesis applies a structured approach to integration between security and safety by creating a SaS (Safety and Security) domain model. Furthermore, it demonstrates that it is possible to use goal-oriented KAOS (Knowledge Acquisition in automated Specification) language in threat and hazard analysis to cover both safety and security domains making their outputs, or artifacts, well-structured and comprehensive, which results in dependability due to the comprehensiveness of the analysis.
The structured approach can thereby act as an interface for active interactions in risk and hazard management in terms of universal coverage, finding solutions for differences and contradictions which can be overcome by integrating the safety and security domains and using a unified system analysis technique (KAOS) that will result in analysis centrality.
Graduation Thesis language
English
Graduation Thesis type
Master - Cyber Security
Supervisor(s)
Raimundas Matulevičius
Defence year
2014