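@comment{
  Chapter in an edited LNCS volume (booktitle differs from title), so the entry
  is typed @incollection: classic BibTeX styles ignore `booktitle` on @inbook
  and would print the chapter title as the book, dropping the volume name.
  biblatex accepts @incollection as well. The source export carries no
  editor or LNCS volume number; add them from the publisher record if needed
  rather than guessing.
}
@incollection{583c018c4c2e4bfdb0830cb6ec2930c0,
  author    = {Nielson, Hanne Riis and Nielson, Flemming},
  title     = {Safety versus Security in the {Quality Calculus}},
  booktitle = {Theories of Programming and Formal Methods},
  series    = {Lecture Notes in Computer Science},
  publisher = {Springer},
  year      = {2013},
  pages     = {285--303},
  doi       = {10.1007/978-3-642-39698-4_18},
  isbn      = {978-3-642-39697-7},
  language  = {English},
  keywords  = {Automotive industry, Embedded systems, Optimization, Calculations},
  abstract  = {Safety and security are both needed for ensuring that cyber-physical systems live up to expectations, but often an intelligent trade-off is called for, because sometimes it is impossible to obtain optimal safety at the same time as optimal security. In the context of the Quality Calculus we develop a type system for checking the extent to which safety and security goals have been met. Safety goals include showing that certain error configurations are in fact not reachable and hence do not require intelligent error handling. Security goals include showing that highly trusted communications can only be performed in highly trusted contexts. This is potentially too demanding and the Quality Calculus is therefore extended with a primitive for endorsing data to a higher trust level (accepting violations of the explicit flow) and for temporarily asserting a higher trust in the context (accepting violations of the implicit flow). This is illustrated on a worked example taken from the automotive sector and we conclude with a discussion of the theoretical properties of the type system.},
}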