Combined Assessment of Software Safety and Security Requirements: An Industrial Evaluation of the CHASSIS Method

Christian Raspotnig (ATM System Development, Avinor Air Navigation Services, Gardermoen, Norway), Peter Karpati (Institute for Energy Technology, Halden, Norway) and Andreas L. Opdahl (Department of Information Science and Media Studies, University of Bergen, Bergen, Norway)
Copyright: © 2018 |Pages: 69
EISBN13: 9781522561071|DOI: 10.4018/JCIT.2018010104
OnDemand PDF Download:
List Price: $37.50
OnDemand PDF Download
Download link provided immediately after order completion
List Price: $37.50
Current Promotions:
Take 20% Off All Publications Purchased Directly Through the IGI Global Online Bookstore:


Safety is a fundamental concern in modern society, and security is a precondition for safety. Ensuring safety and security of complex integrated systems requires a coordinated approach that involve different stakeholder groups going beyond safety and security experts and system developers. The authors have therefore proposed CHASSIS (Combined Harm Assessment of Safety and Security for Information Systems), a method for collaborative determination of requirements for safe and secure systems. In this article, the authors evaluate CHASSIS through industrial case studies of two small-to-medium sized suppliers to the air-traffic management (ATM) sector. The results suggest that CHASSIS is easy to use, and that handling safety and security together provides benefits because techniques, information, and knowledge can be reused. The authors conclude that further exploration and development of CHASSIS is worthwhile, but that better documentation is needed—including more detailed process guidelines—to support elicitation of security and safety requirements and to systematically relate them to functional requirements.
InfoSci-OnDemand Powered Search