Engineering Safety- and Security-Related Requirements for Software-Intensive Systems

This two day course covers the intersection of safety-, security-, and requirements engineering. Safety and security have a great deal in common with related concepts, analysis techniques, and goals, to protect valuable assets from unauthorized harm due to dangers (hazards and threats) which naturally suggest a risk-based approach to requirements analysis.

Many software-intensive systems have significant safety and security ramifications and need to have their associated safety- and security-related requirements properly engineered. For example, it has been observed by several consultants, researchers, and authors that inadequate requirements are a major cause of accidents involving software-intensive systems. Yet in practice, there is very little interaction between the requirements, safety and security disciplines and little collaboration between their respective communities. Most requirements engineers know little about safety and security engineering, and most safety and security engineers know little about requirements engineering. Also, safety and security engineering typically concentrates on architectures and designs rather than requirements because hazard and threat analysis typically depend on the identification of vulnerable hardware and software components, the failure or exploitation of which can cause accidents and enable successful attacks. This leads to safety- and security-related requirements that are often ambiguous, incomplete, and even missing.

Who should attend?

The intended audience for this tutorial includes:

  • Requirements engineers who must collaborate with safety and security engineers to engineer the safety- and security-related requirements.
  • Safety engineers who must perform the hazard and risk analysis that drives the safety-related requirements and who must collaborate with requirements engineers to engineer these requirements.
  • Security engineers who must perform the threat and risk analysis that drives the security-related requirements and who must collaborate with requirements engineers to engineer these requirements.
  • Stakeholders in the safety- and security-related requirements including subject matter experts, customer representatives, architects, software engineers, testers, and certifiers.

Topics

  • Fundamental concepts underlying the engineering of safety- and security-related requirements.
  • Different types of safety- and security- related requirements including their purpose and composition.
  • Basic tasks of safety and security engineering that are related to engineering safety- and security- related requirements.
  • Relationship between safety and security quality sub-factors and the quality criteria specified in safety and security requirements.

Objectives

The overall goal is to teach the attendees how to engineer safety- and security-related requirements for software-intensive systems. Specific objectives include learning the:

  • Fundamental concepts underlying the engineering of safety- and security-related requirements.
  • Different types of safety- and security-related requirements including their purpose and composition.
  • Basic tasks of safety and security engineering that are related to engineering safety- and security-related requirements.
  • Relationship between safety and security quality subfactors and the quality criteria specified in safety and security requirements.

Prerequisites

Participants should be familiar with requirements, safety and security.

Materials

Participants receive a course notebook with copies of the course slides.

Schedule

This 2-day course meets at the following times:

Days 1-2, 8:30 a.m. - 5:00 p.m.

Course Details

Course Fees [USD]

U.S. Industry: $1400

U.S. Government/Academic: $1100

International: $2100

 
This course may be offered by special arrangement at customer sites.

For More Information

E-mail: course-info@sei.cmu.edu
Phone: 412-268-7622


Help us improve

Visitor feedback helps us continually improve our site.

Please tell us what you
think with this short
(< 5 minute) survey.