Related papers: Towards Interdependent Safety Security Assessments…
For risks that cannot be accepted, sufficiently mitigated, or eliminated, continuous observation is a viable approach but requires a model that can be operationalized. The Hagenberg Risk Management Process bridges this gap between…
Over the last years, we have seen several security incidents that compromised system safety, of which some caused physical harm to people. Meanwhile, various risk assessment methods have been developed that integrate safety and security,…
Because of the threat of advanced multi-step attacks, it is often difficult for security operators to completely cover all vulnerabilities when deploying remediations. Deploying sensors to monitor attacks exploiting residual vulnerabilities…
Connected cars are susceptible to cyberattacks. Security and safety of future vehicles highly depend on a holistic protection of automotive components, of which the time-sensitive backbone network takes a significant role. These onboard…
In order to enable model-based, iterative design of safety-relevant systems, an efficient incorporation of safety and system engineering is a pressing need. Our approach interconnects system design and safety analysis models efficiently…
The rapid integration of AI algorithms in safety-critical applications such as autonomous driving and healthcare is raising significant concerns about the ability to meet stringent safety standards. Traditional tools for formal safety…
Intrusion detection systems (IDSs) generate valuable knowledge about network security, but an abundance of false alarms and a lack of methods to capture the interdependence among alerts hampers their utility for network defense. Here, we…
Current frameworks for evaluating security bug severity, such as the Common Vulnerability Scoring System (CVSS), prioritize the ratio of exploitability to impact. This paper suggests that the above approach measures the "known knowns" but…
Foundation models are routinely fine-tuned for use in particular domains, yet safety assessments are typically conducted only on base models, implicitly assuming that safety properties persist through downstream adaptation. We test this…
With the widespread use of software systems in critical infrastructures such as hydropower plants has brought many advantages, yet it has exposed these systems to cyber threats. Cyber risk assessment & mitigation is important to identify…
Today's IoT systems include event-driven smart applications (apps) that interact with sensors and actuators. A problem specific to IoT systems is that buggy apps, unforeseen bad app interactions, or device/communication failures, can cause…
Safety-critical control tasks with high levels of uncertainty are becoming increasingly common. Typically, techniques that guarantee safety during learning and control utilize constraint-based safety certificates, which can be leveraged to…
This paper addresses the problem of children's online safety in the context of the growing digital landscape. With a surge in the use of digital technology among children, there has been an increase in online safety harms, risks and…
Critical infrastructure increasingly relies on interconnected cyber-physical systems whose security incidents can escalate rapidly into safety and operational failures. Existing decision-support approaches struggle to support real-time…
Safety evaluation is an essential component of clinical trials. To protect study participants, these studies often implement safety stopping rules that will halt the trial if an excessive number of toxicity events occur. Existing safety…
Modern web browsers have effectively become the new operating system for business applications, yet their security posture is often under-scrutinized. This paper presents a novel, comprehensive Browser Security Posture Analysis…
Denial of Service (DoS) attacks constitute a major security threat to today's Internet. This challenge is especially pertinent to the Internet of Things (IoT) as devices have less computing power, memory and security mechanisms to mitigate…
Since its inception, Facebook has become an integral part of the online social community. People rely on Facebook to make connections with others and build communities. As a result, it is paramount to protect the integrity of such a rapidly…
Most of the current software security analysis tools assess vulnerabilities in isolation. However, sophisticated software supply chain security threats often stem from cascaded vulnerability and security weakness chains that span dependent…
Evaluating the safety of frontier AI systems is an increasingly important concern, helping to measure the capabilities of such models and identify risks before deployment. However, it has been recognised that if AI agents are aware that…