Title :
Requirements Management in a Combined Process for Safety and Security Assessments
Author :
Katta, Vikash ; Raspotnig, Christian ; Karpati, Peter ; Stalhane, Tor
Author_Institution :
Dept. Software Eng., Inst. for Energy Technol., Halden, Norway
Abstract :
The Combined Harm Assessment of Safety and Security for Information Systems (CHASSIS) method defines a unified process for safety and security assessments that addresses both the safety and security aspects during the system development process. CHASSIS applies techniques from the safety and security fields, e.g. misuse cases and HAZOP, to identify and model hazards, threats and mitigations for a system. These mitigations, which are generally specified as safety and security requirements, are interrelated. Defining and maintaining the interdependencies between these requirements is vital, among other things, for estimating how a requirement impacts other requirements and artefacts. In this paper, we present our approach for providing traceability to CHASSIS in order to capture the interdependencies between the safety and security requirements and to demonstrate the history and rationale behind their elicitation. The approach, called Satrap, constitutes a process model defining what types of artefacts are generated during development and assessment activities, what types of relations between the artefacts should be captured, and how to extract traces. The traceability approach, together with its supporting prototype tool, was applied to an Air Traffic Management remote tower example which was assessed for safety and security risks using CHASSIS.
Keywords :
air traffic control; formal specification; risk management; security of data; traffic information systems; CHASSIS; SaTrAp; air traffic management remote tower; assessment activities; combined harm assessment of safety and security for information system method; development activities; process model; safety assessments; safety requirements management; safety risk; security assessments; security requirements management; security risk; traceability; traceability approach; Atmospheric modeling; Context; Hazards; Poles and towers; Security; Unified modeling language; ATM; UML; safety; security; traceability;
Conference_Titel :
Availability, Reliability and Security (ARES), 2013 Eighth International Conference on
Conference_Location :
Regensburg
DOI :
10.1109/ARES.2013.104