Jan Tobias Muehlberg
imec-DistriNet, KU Leuven (Belgium)
We need to talk
In systems development we define safety as the protection against random incidents, which are unwanted and happen as a result of one or more coincidences. This is very different from security, which we define as protection against intended incidents. Security incidents happen as the result of a deliberate and planned act.
Based on these differences in semantics, the ways in which we argue for the safety or security of a system are necessarily different: In safety cases we aim to be inclusive and consider plausible hazards in a system’s operating environment.
Security arguments, in contrast, are restrictive as they argue why a countermeasure is effective against a specific threat under some carefully defined attacker model. In practice, these differences in understanding and addressing risks lead to cases where safety mitigations contradict security requirements and vice versa.
With this talk I aim to raise awareness of these issues and of how they affect software/system robustness. I will present a number of concrete examples of these unwanted interactions and argue how development processes and practices can be adapted to identify and address these issues early.
Before joining KU Leuven, Tobias worked as a researcher at the University of Bamberg (DE), obtained a Ph.D. from the University of York (UK) and worked as a researcher at the University of Applied Sciences in Brandenburg (DE), where he also acquired his Master's degree.