Jan Tobias Muehlberg

imec-DistriNet, KU Leuven (Belgium)
27 March, 11:00-12:00
Sala Valle Inclán

We need to talk


In systems development we define safety as the protection against random incidents, which are unwanted and happen as a result of one or more coincidences. This is very different from security, which we define as protection against intended incidents. Security incidents happen as the result of a deliberate and planned act.

Based on these differences in semantics, the ways in which we argue for the safety or security of a system are necessarily different: in safety cases we aim to be inclusive and consider all plausible hazards in a system’s operating environment.

Security arguments, in contrast, are restrictive as they argue why a countermeasure is effective against a specific threat under some carefully defined attacker model. In practice, these differences in understanding and addressing risks lead to cases where safety mitigations contradict security requirements and vice versa.

With this talk I aim to raise awareness of these issues and how they affect software/system robustness. I will present a number of concrete examples of these unwanted interactions and argue how development processes and practices can be adapted to identify and address such issues early.

Jan Tobias Muehlberg works as a research manager at imec-DistriNet, KU Leuven (BE). He is active in the fields of software security, formal verification and validation of software systems, specifically for embedded systems and low-level operating system components. Tobias is particularly interested in security architectures for safety-critical embedded systems and for the Internet of Things.

Before joining KU Leuven, Tobias worked as a researcher at the University of Bamberg (DE), obtained a Ph.D. from the University of York (UK) and worked as a researcher at the University of Applied Sciences in Brandenburg (DE), where he also acquired his Master's degree.