This two-day course covers the intersection of safety, security, and requirements engineering. Safety and security have a great deal in common in their concepts, analysis techniques, and goals: both aim to protect valuable assets from unauthorized harm arising from dangers (hazards and threats), which naturally suggests a risk-based approach to requirements analysis.
Many software-intensive systems have significant safety and security ramifications and need to have their associated safety- and security-related requirements properly engineered. For example, several consultants, researchers, and authors have observed that inadequate requirements are a major cause of accidents involving software-intensive systems. Yet in practice there is very little interaction between the requirements, safety, and security disciplines and little collaboration between their respective communities. Most requirements engineers know little about safety and security engineering, and most safety and security engineers know little about requirements engineering. Also, safety and security engineering typically concentrates on architectures and designs rather than requirements, because hazard and threat analysis typically depends on identifying the vulnerable hardware and software components whose failure can cause accidents and whose exploitation can enable successful attacks. The result is safety- and security-related requirements that are often ambiguous, incomplete, or missing entirely.
The intended audience for this tutorial includes:
The overall goal is to teach the attendees how to engineer safety- and security-related requirements for software-intensive systems. Specific objectives include learning the:
Participants should be familiar with requirements, safety, and security.
Participants receive a course notebook with copies of the course slides.
This 2-day course meets at the following times:
Days 1-2, 8:30 a.m. - 5:00 p.m.