Claudius LinkMay 3, 2024

Through the upcoming #PapersInSystems discussion I discovered Nancy G. Leveson and her work on #SafetyEngineering and software safety through a systemic perspective

It is fascinating and feels very applicable to #cybersecurity

In their approach STAMP
(System-Theoretic Accident Model and Processes) safety is treated as a dynamic control problem rather than a failure prevention problem and especially takes emergent properties into account. (Emergent properties, are properties that are not in the summation of the individual components but "emergeโ€ when the components interact)

There are a lot of touchpoints with security #ThreatModelling

Therfore cc @adamshostack
Maybe the event is interesting for you?

Discussion session: How to Perform Hazard Analysis on a "System-of-Systems" by Nancy Leveson
Monday, May 6th, 2024, 1 PM - 2 PM Eastern Time (US/Canada).

See @RuthMalan post https://mastodon.social/@RuthMalan/112248634077392391

Show threadAdam Shostack  May 3, 2024
@realn2s @RuthMalan her work on systems is very applicable to cyber - I assign a chapter of her Safer World book in my UW course. And I think that the work to adopt STAMP + family to cyber hasn't been as concrete.
Show threadClaudius LinkMay 6, 2024

@adamshostack @RuthMalan

Sorry for the dummy follow up questions
What does UW mean on this context ๐Ÿฅด?

Today was the discussion and I learned a lot about #STPA/ #STAMP
The checklist of hazards on each controller would IMHO be helpful in #cybesecurity
Actually it feels to me that #STRIDE represents these hazards on one level

Show threadAdam Shostack  May 6, 2024
@realn2s @RuthMalan "University of Washington". Also perfectly reasonable q.
Show threadClaudius Link
@adamshostack @RuthMalan
๐Ÿ˜„๐Ÿ™๐Ÿป
May 6, 2024 at 8:38pmWeb