Safety versus Security in the Quality Calculus

Hanne Riis Nielson, Flemming Nielson

Research output: Chapter in Book/Report/Conference proceeding > Book chapter > Research > peer-review


Safety and security are both needed for ensuring that cyber-physical systems live up to expectations, but often an intelligent trade-off is called for, because sometimes it is impossible to obtain optimal safety at the same time as optimal security. In the context of the Quality Calculus we develop a type system for checking the extent to which safety and security goals have been met. Safety goals include showing that certain error configurations are in fact not reachable and hence do not require intelligent error handling. Security goals include showing that highly trusted communications can only be performed in highly trusted contexts. This is potentially too demanding and the Quality Calculus is therefore extended with a primitive for endorsing data to a higher trust level (accepting violations of the explicit flow) and for temporarily asserting a higher trust in the context (accepting violations of the implicit flow). This is illustrated on a worked example taken from the automotive sector and we conclude with a discussion of the theoretical properties of the type system.
Original language: English
Title of host publication: Theories of Programming and Formal Methods: Essays Dedicated to Jifeng He on the Occasion of His 70th Birthday
Publication date: 2013
ISBN (Print): 978-3-642-39697-7
ISBN (Electronic): 978-3-642-39698-4
Publication status: Published - 2013
Series: Lecture Notes in Computer Science


  • Automotive industry
  • Embedded systems
  • Optimization
  • Calculations
