Towards Interdependent Safety Security Assessments using Bowties
Luca Arnaboldi, David Aspinall
TL;DR
This paper proposes a unified approach using Bowtie Diagrams to assess the interdependencies between safety and security, demonstrated through a case study of Facebook's DNS outage.
Contribution
It introduces a method to combine safety and security assessments into a single Bowtie model, capturing their interdependencies.
Findings
Unified safety-security assessment model using Bowties
Application to Facebook DNS outage case study
Insights into safety-security barrier interactions
Abstract
We present a way to combine security and safety assessments using Bowtie Diagrams. Bowties model both the causes leading up to a central failure event and consequences which arise from that event, as well as barriers which impede events. Bowties have previously been used separately for security and safety assessments, but we suggest that a unified treatment in a single model can elegantly capture safety-security interdependencies of several kinds. We showcase our approach with the example of the October 2021 Facebook DNS shutdown, examining the chains of events and the interplay between the security and safety barriers which caused the outage.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsInformation and Cyber Security · Network Security and Intrusion Detection · Software System Performance and Reliability