
Model-Based Engineering with AADL: Transitioning Research to Practice

November 2020 Presentation
Sam Procter

To understand interactions between safety and security mechanisms, CMU SEI researchers are developing an integrated safety and security engineering approach supported by an AADL workbench.

Publisher: Software Engineering Institute

Abstract

Critical systems must be both safe from inadvertent harm and secure from malicious actors. But safety and security practices have historically evolved in isolation. Safety-critical systems, such as aircraft and medical devices, were long considered stand-alone systems without security concerns. Security communities, on the other hand, have often deployed mechanisms such as partitioning, redundancy, and encryption solely from a safety or security perspective, resulting in over-provisioning and conflicts between mechanisms. This disconnect is harmful, but there is limited understanding of the interactions between safety and security. To combat this lack of understanding, we are developing an integrated safety and security engineering approach based on system theory and supported by an AADL-based workbench. This approach unifies safety and security analysis through a formalized taxonomy that drives system verification via fault-injection and simulation. It provides a design framework to combine safety and security mechanisms into a more robust and resilient system architecture through continuous analytic verification. And it ensures traceability by linking machine-readable requirements to the tests that verify them and the system elements that implement them.
