From Bouncing Break-ins to Frictional Firewalls: Ideas About Interacting Requirements for Vehicle Safety and Security
摘要
We explore requirement interactions related to safety and security properties with an example based on automotive braking systems, to show ideas about co-engineering trustworthy systems. We start from risk assessments TARA (Threat and Risk Assessment, ISO 21434) and HARA (Hazard Analysis and Risk Assessment, ISO 26262). These are often undertaken separately, resulting in requirements that may interact badly, for example, security features that compromise safety requirements, or sets of requirements that are impossible to satisfy together. Based on a minimal logical foundation for designing cyber-physical systems and considering requirement satisfaction across system changes, we classify several kinds of requirement interaction. These generalise the well-known case of (adverse) feature interactions; our suggestion is that understanding interactions can help during design or implementation revision cycles—even if requirements are considered without using formal methods.