[trustable-software] Fwd: Is 'safe + secure' equivalent to 'trustable', or a subset?

Robert Seacord Robert.Seacord at nccgroup.trust
Sun Nov 27 19:25:05 UTC 2016


Trusted is not a bad term.  ISO/IEC defines it as follows:

2126269
trusted computer system
data processing system that provides sufficient computer security to allow for concurrent access to data by users with different access rights and to data with different security classification and security categories
Note 1 to entry: trusted computer system: term and definition standardized by ISO/IEC [ISO/IEC 2382-8:1998].
Note 2 to entry: 08.01.29 (2382)
[SOURCE: ISO-IEC-2382-8 * 1998 * * * ]

Here as well as the Orange book it takes on a meaning related to security and not a broader term that encompasses safety + security as well as some broader meaning.

Thanks,
rCs

------ Original message------
From: John Lewis
Date: Sun, Nov 27, 2016 2:17 PM
To: trustable-software at lists.trustable.io;
Cc:
Subject: [trustable-software] Fwd: Is 'safe + secure' equivalent to 'trustable', or a subset?

Further thoughts

If you want validity for using "Trusted", a precedent was the US DoD "Orange Book" - https://en.wikipedia.org/wiki/Trusted_Computer_System_Evaluation_Criteria

It dates from around 1983

regards

Begin forwarded message:

From: John Lewis <john_lewis at mac.com>
Subject: Is 'safe + secure' equivalent to 'trustable', or a subset?
Date: 24 November 2016 at 11:20:49 GMT
To: trustable-software at lists.trustable.io

Thoughts

Some systems have to be "mission-critical" i.e. land a vehicle (gently) on a planet, detect an incoming missile and automatically launch a counter. (Not safety critical because lives are not directly at risk). Mission-critical has always been used a lot in military circles because the military likes "missions" and lives (of service personnel) are not always that important. Similarly a company might regard its ERP as "mission critical" - without it working properly the company would be unable to operate.

Other systems have to be safe ("safety-critical"), i.e. not fail - a fly-by-wire aircraft control system, nuclear power station control systems. These are designed with multiple redundancies / voting approaches. Safety-critical is a super-set of mission-critical, but mission-critical is not a pure subset of safety-critical.

Other systems have to be secure, but they don't necessarily have to perform a task or (mission-critical) function. The Honeywell SCOMP spent all its energy being secure but performed no useful task. If systems are not secure they can be subverted so cannot be provably mission or safety critical.

Many IoT systems (I believe this conversation is restricted to IoT) will need to be safety or mission critical AND secure.

Trustable seems as good a term as any to conflate safety, mission and secure systems (I have used the term system rather than software because there must be a systems approach).

So if you define Trustable Systems by the techniques that need to be used to develop them, e.g. Formal Methods, Voting, Chain of Custody, Test Coverage, Pen Testing, etc. etc., Trustable means a super-set of safe + secure.

However, whether it makes sense to conflate the terms is debatable. Two examples:

1   The new UK energy metering system is an IoT. It is mission-critical and needs to be secure, but does it need to use safety-critical design techniques, e.g. voting?

2   An autonomous vehicle does need some safety-critical features (braking, steering) and needs to be secure.

If the world knew what we mean by <trustable> life would be easier - a lot of education is going to be needed.

regards


