[trustable-software] Fwd: Is 'safe + secure' equivalent to 'trustable', or a subset?

John Lewis john_lewis at mac.com
Sun Nov 27 19:16:48 UTC 2016


Further thoughts

If you want validity for using "Trusted", a precedent was the US DoD "Orange Book" - https://en.wikipedia.org/wiki/Trusted_Computer_System_Evaluation_Criteria

It dates from around 1983

regards

> Begin forwarded message:
> 
> From: John Lewis <john_lewis at mac.com>
> Subject: Is 'safe + secure' equivalent to 'trustable', or a subset?
> Date: 24 November 2016 at 11:20:49 GMT
> To: trustable-software at lists.trustable.io
> 
> Thoughts
> 
> Some systems have to be "mission-critical", i.e. land a vehicle (gently) on a planet, detect an incoming missile and automatically launch a counter. (Not safety-critical because lives are not directly at risk.) Mission-critical has always been used a lot in military circles because the military likes "missions" and lives (of service personnel) are not always that important. Similarly a company might regard its ERP as "mission-critical" - without it working properly the company would be unable to operate.
> 
> Other systems have to be safe, "safety-critical", i.e. not fail - a fly-by-wire aircraft control system, nuclear power station control systems. These are designed with multiple redundancies / voting approaches. Safety-critical is a super-set of mission-critical, but mission-critical is not a pure subset of safety-critical.
> 
> Other systems have to be secure, but they don't necessarily have to perform a task or (mission-critical) function. The Honeywell SCOMP spent all its energy being secure but performed no useful task. If systems are not secure they can be subverted, so they cannot be provably mission- or safety-critical.
> 
> Many IoT systems (I believe this conversation is restricted to IoT) will need to be safety or mission critical AND secure.
> 
> Trustable seems as good a term as any to conflate safety, mission and secure systems (I have used the term system rather than software because there must be a systems approach).
> 
> So if you define Trustable Systems by the techniques that need to be used to develop them, e.g. Formal Methods, Voting, Chain of Custody, Test Coverage, Pen Testing etc., Trustable means a super-set of safe + secure.
> 
> However, whether it makes sense to conflate the terms is debatable. Two examples:
> 
> 1   The new UK energy metering system is an IoT. It is mission-critical and needs to be secure, but does it need to use safety-critical design techniques, e.g. voting?
> 
> 2   An autonomous vehicle does need some safety-critical features (braking, steering) and needs to be secure.
> 
> If the world knew what we mean by <trustable>, life would be easier - a lot of education is going to be needed.
> 
> regards
> 
> 
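The forwarded message mentions "voting approaches" as a safety-critical design technique and separately argues that an insecure system cannot be provably safe. The following example, added here and not part of the thread or of any list member's code, makes that argument concrete: a two-out-of-three majority voter masks a single independently failing channel, but a coordinated compromise of two channels outvotes the honest one and the voter accepts the wrong value without complaint. The function names, the integer sensor readings and the sample sequences are constructed for illustration.

```python
"""Majority voting over redundant channels, and its limits.

Added example (not from the mailing-list thread). Readings are integers
(constructed sample data); real sensors would need a tolerance band
rather than exact equality.
"""
from collections import Counter
from typing import List, Optional, Sequence, Tuple


def majority_vote(readings: Sequence[int]) -> Tuple[Optional[int], List[int]]:
    """Vote over one sample from each redundant channel.

    Returns (agreed_value, dissenting_channels). agreed_value is None when
    no strict majority exists; a caller should treat that as a fault and
    fail safe (alarm, fallback) rather than pick any single channel.
    """
    if not readings:
        raise ValueError("no channels supplied")
    counts = Counter(readings)
    value, count = counts.most_common(1)[0]
    needed = len(readings) // 2 + 1  # strict majority
    if count < needed:
        # every channel is suspect when nobody agrees
        return None, list(range(len(readings)))
    dissent = [i for i, r in enumerate(readings) if r != value]
    return value, dissent


def persistent_dissenters(samples: Sequence[Sequence[int]], threshold: int) -> List[int]:
    """Channels outvoted in at least `threshold` samples.

    Voting only masks faults; it does not diagnose them. Tracking which
    channel keeps losing the vote turns the voter into a detector that
    can flag a degraded sensor (or a tampered one) for investigation.
    Samples with no majority are skipped here because they implicate
    every channel equally.
    """
    tally: Counter = Counter()
    for sample in samples:
        value, dissent = majority_vote(sample)
        if value is not None:
            tally.update(dissent)
    return sorted(ch for ch, n in tally.items() if n >= threshold)


if __name__ == "__main__":
    # constructed scenarios: one faulty channel, total disagreement,
    # and two channels reporting the same wrong value
    for sample in ([100, 100, 250], [100, 200, 300], [250, 250, 100]):
        print(sample, "->", majority_vote(sample))
    history = [[100, 100, 250], [101, 101, 250], [102, 102, 102], [103, 103, 250]]
    print("persistent dissenters:", persistent_dissenters(history, threshold=3))
```

The third scenario is the one the message's security point turns on: the voter returns 250 with channel 2 recorded as the lone dissenter, which is exactly what it would report if channel 2 were the broken one. Redundancy assumes failures are independent; an attacker who can influence a majority of channels violates that assumption, so the safety argument only holds if the channels (and their supply chain and communication paths) are also secured.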
