An Assurance Framework for Independent Co-assurance of Safety and Security
Nikita Johnson, Tim Kelly

TL;DR
This paper proposes a Safety-Security Assurance Framework (SSAF) enabling independent co-assurance of safety and security in complex systems, addressing integration challenges by focusing on information exchange rather than unified processes.
Contribution
It introduces a novel framework that allows safety and security to be assured independently, improving practicality and letting each domain apply its own processes and expertise.
Findings
The framework facilitates independent assurance of safety and security.
Emphasizes information exchange over process unification.
Addresses real-world complexity in safety-security co-assurance.
Abstract
Integrated safety and security assurance for complex systems is difficult for many technical and socio-technical reasons, such as mismatched processes, inadequate information, and differing use of language and philosophies. Many co-assurance techniques rely on disregarding some of these challenges in order to present a unified methodology. Even with this simplification, no methodology has been widely adopted, primarily because this approach is unrealistic when met with the complexity of real-world system development. This paper presents an alternative approach by providing a Safety-Security Assurance Framework (SSAF) based on a core set of assurance principles. This is done so that safety and security can be co-assured independently, as opposed to unified co-assurance, which has been shown to have significant drawbacks. This also allows for separate processes and expertise from…
Taxonomy
Topics: Safety Systems Engineering in Autonomy · Risk and Safety Analysis · Information and Cyber Security
