Claudius LinkMay 3, 2024

Through the upcoming #PapersInSystems discussion I discovered Nancy G. Leveson and her work on #SafetyEngineering and software safety through a systemic perspective

It is fascinating and feels very applicable to #cybersecurity

In their approach STAMP
(System-Theoretic Accident Model and Processes) safety is treated as a dynamic control problem rather than a failure prevention problem and especially takes emergent properties into account. (Emergent properties, are properties that are not in the summation of the individual components but "emerge” when the components interact)

There are a lot of touchpoints with security #ThreatModelling

Therfore cc @adamshostack
Maybe the event is interesting for you?

Discussion session: How to Perform Hazard Analysis on a "System-of-Systems" by Nancy Leveson
Monday, May 6th, 2024, 1 PM - 2 PM Eastern Time (US/Canada).

See @RuthMalan post https://mastodon.social/@RuthMalan/112248634077392391

Show threadAdam Shostack  May 3, 2024
@realn2s @RuthMalan her work on systems is very applicable to cyber - I assign a chapter of her Safer World book in my UW course. And I think that the work to adopt STAMP + family to cyber hasn't been as concrete.
Show threadClaudius Link

@adamshostack @RuthMalan

Sorry for the dummy follow up questions
What does UW mean on this context πŸ₯΄?

Today was the discussion and I learned a lot about #STPA/ #STAMP
The checklist of hazards on each controller would IMHO be helpful in #cybesecurity
Actually it feels to me that #STRIDE represents these hazards on one level

May 6, 2024 at 8:33pmWeb
Show threadAdam Shostack  May 6, 2024
@realn2s @RuthMalan "University of Washington". Also perfectly reasonable q.
Show threadAdam Shostack  May 6, 2024
@realn2s @RuthMalan https://courses.cs.washington.edu/courses/csep590b/23au/
CSEP590B: PMP Special Topics: Security EngineeringComputer Ethics

Show threadClaudius LinkMay 6, 2024
@adamshostack @RuthMalan
πŸ™πŸ»
Show threadClaudius LinkMay 6, 2024
@adamshostack @RuthMalan
πŸ˜„πŸ™πŸ»