Reference Hub

This research has been cited in:

Article
MBSEsec: Model-Based Systems Engineering Method for Creating Secure SystemsApplied Sciences10.3390/app10072574
Article
Survey of cyber risk analysis techniques for use in the nuclear industryProgress in Nuclear Energy10.1016/j.pnucene.2021.103908
Conference
Use the Harmony-SE Approach to Extend the Advantages of MBSE2021 IEEE 16th Conference on Industrial Electronics and Applications (ICIEA)10.1109/ICIEA51954.2021.9516269
Chapter
Security Risk Assessments and Shortfalls for Evaluating and Protecting Dynamic Autonomic Systems in Future InternetDesign Innovation and Network Architecture for the Future Internet10.4018/978-1-7998-7646-5.ch014

Combined Assessment of Software Safety and Security Requirements: An Industrial Evaluation of the CHASSIS Method

Christian Raspotnig, Peter Karpati, Andreas L. Opdahl

Source Title: Journal of Cases on Information Technology (JCIT)20(1)

ISSN: 1548-7717|EISSN: 1548-7725|EISBN13: 9781522542322|DOI: 10.4018/JCIT.2018010104

Cite Article Cite Article

MLA

Raspotnig, Christian, et al. "Combined Assessment of Software Safety and Security Requirements: An Industrial Evaluation of the CHASSIS Method." JCIT vol.20, no.1 2018: pp.46-69. http://doi.org/10.4018/JCIT.2018010104

APA

Raspotnig, C., Karpati, P., & Opdahl, A. L. (2018). Combined Assessment of Software Safety and Security Requirements: An Industrial Evaluation of the CHASSIS Method. Journal of Cases on Information Technology (JCIT), 20(1), 46-69. http://doi.org/10.4018/JCIT.2018010104

Chicago

Raspotnig, Christian, Peter Karpati, and Andreas L. Opdahl. "Combined Assessment of Software Safety and Security Requirements: An Industrial Evaluation of the CHASSIS Method," Journal of Cases on Information Technology (JCIT) 20, no.1: 46-69. http://doi.org/10.4018/JCIT.2018010104

Export Reference

Favorite Full-Issue Download

View Full Text HTML

View Full Text PDF

Abstract

Safety is a fundamental concern in modern society, and security is a precondition for safety. Ensuring safety and security of complex integrated systems requires a coordinated approach that involve different stakeholder groups going beyond safety and security experts and system developers. The authors have therefore proposed CHASSIS (Combined Harm Assessment of Safety and Security for Information Systems), a method for collaborative determination of requirements for safe and secure systems. In this article, the authors evaluate CHASSIS through industrial case studies of two small-to-medium sized suppliers to the air-traffic management (ATM) sector. The results suggest that CHASSIS is easy to use, and that handling safety and security together provides benefits because techniques, information, and knowledge can be reused. The authors conclude that further exploration and development of CHASSIS is worthwhile, but that better documentation is needed—including more detailed process guidelines—to support elicitation of security and safety requirements and to systematically relate them to functional requirements.