An Integrated Approach to Deriving Safety and Security Requirements from Safety Cases

Increasing reliance on networking in modern safety-critical control systems requires novel methodologies integrating security consideration in the system development. We propose a novel approach enabling systematic derivation of both safety and security constraints from the system safety case. A safety case is a structured argument justifying system safety. We demonstrate how the decomposition of safety goals results in deriving constraints that should be imposed on the system and software behavior to guarantee safety in presence of accidental and malicious faults.