Practical Experiences with real-world systems: Security in the world of reliable and safe systems

Reliability and Safety have always been associated to Safety Critical Systems. Since the failure of a Safety Critical System may lead to loss of human lives or large economical effects, the standards that guide the development of these systems have always focused in these two aspects, independently of the domain applicable. By looking into Reliability and Safety independently and focused, one can design a system highly reliable and safe without Security concerns. However, Security plays a major role in the achievement of both Reliability and Safety. A system cannot be reliable and safe if it is not secure. Therefore, the current processes to certify a Safety Critical System also address Security aspects, together with Reliability and Safety. This work presents the activities that have been performed in the scope of the certification of a Safety Critical System in the railway domain and how Security is tackled without jeopardizing Reliability and Safety. The data collected and its importance for guaranteeing safety, reliability and security is presented and discussed. A relationship between the activities performed and the standards concerns is established and examples of architecture decisions that could provide more Reliability and Safety but less Security will be presented.