The software safety requirements specification, as part of the functional safety of programmable electronic systems, consists of defining and documenting the safety requirements that are specific to the software. These requirements are generally derived from the system safety requirements and consist of two types of detailed requirements:
HINTSW - T & T Systems defines safety requirements using the most current and technically rigorous approach proposed by the international standard IEC 61508 and by the sector standards derived from it. HINTSW - T & T Systems has solid experience in applying these standards, having used them in various projects, and has therefore developed an effective method for defining, identifying and tracking safety requirements, supported by IT tools developed in-house or available on the market.
In many application areas the functional safety standards define the overall safety lifecycle, or only the lifecycle of the system or of the software. These lifecycles are mostly derived from those proposed by IEC 61508 (the generic standard on the functional safety of electrical / electronic / programmable electronic systems). In some cases, especially for software (e.g. IEC 61511 for the process industry), the sector standard simply refers back to the software safety lifecycle as defined in IEC 61508.
IEC 61508 defines three life cycles: the overall safety life cycle and, within its realization phase, the system / subsystem safety life cycle and the software safety life cycle.
One of the main activities standardized by IEC 61508 is the definition of the safety requirements of the system and of the software, to which some of the initial phases of their life cycles are dedicated. Safety requirements remain a central topic in the later phases as well: the control and continuous management of the safety requirements is one of the main methods identified by the standard for minimizing the risk of introducing systematic errors that undermine safety. For this reason it is important to know very well both the clauses of the standard and the implementation practices encountered in these markets.
As already mentioned, the ninth phase of the overall safety life cycle is the realization phase, and within it two further life cycles are defined: the system / subsystem safety life cycle and the software safety life cycle. In both cycles the first phase is the one in which the corresponding safety requirements, of the system and of the software respectively, are defined.
The system safety requirements are derived directly from the portion of the overall safety requirements allocated to the system / subsystem, while the software safety requirements are usually derived from the system / subsystem safety requirements and must take into account the hardware architecture of the system / subsystem.
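To make this derivation chain concrete, the following Python script is an added example, not code from this page or from a HINTSW - T & T Systems tool. It models a small set of overall, system / subsystem and software safety requirements (constructed sample data with hypothetical identifiers OSR-n, SSR-n and SWR-n, and a hypothetical two-channel hardware architecture CPU-A / CPU-B) and checks that every lower-level requirement traces to a parent at the expected level, that no derived requirement claims a lower SIL than the requirement it implements, that every software requirement is allocated to a known hardware element, and that every overall and system requirement is refined by at least one lower-level requirement. The checks are the example's own, not a list prescribed by IEC 61508.

```python
"""Added example: consistency checks on the derivation chain
overall -> system / subsystem -> software safety requirements.
Identifiers, texts and the hardware architecture are constructed."""
from dataclasses import dataclass, field
from typing import List, Optional

LEVELS = ("overall", "system", "software")
# Each level must be derived from the level directly above it.
PARENT_LEVEL = {"system": "overall", "software": "system"}
# Hypothetical hardware architecture of the subsystem: two CPU channels.
HW_ELEMENTS = {"CPU-A", "CPU-B"}


@dataclass
class Requirement:
    rid: str                      # identifier, e.g. "SWR-1" (hypothetical scheme)
    level: str                    # "overall", "system" or "software"
    sil: int                      # safety integrity level the requirement must meet
    text: str
    derived_from: List[str] = field(default_factory=list)
    allocated_to: Optional[str] = None   # hardware element, software level only


def check_chain(reqs: List[Requirement], hw_elements=HW_ELEMENTS) -> List[str]:
    """Return a list of findings; an empty list means the chain is consistent."""
    by_id = {r.rid: r for r in reqs}
    findings: List[str] = []
    refined = set()   # ids of overall/system requirements that have a child
    for r in reqs:
        if r.level not in LEVELS:
            findings.append(f"{r.rid}: unknown level {r.level!r}")
            continue
        if r.level == "overall":
            continue
        if not r.derived_from:
            findings.append(f"{r.rid}: {r.level} requirement has no parent")
        for pid in r.derived_from:
            parent = by_id.get(pid)
            if parent is None:
                findings.append(f"{r.rid}: parent {pid} does not exist")
                continue
            if parent.level != PARENT_LEVEL[r.level]:
                findings.append(f"{r.rid}: parent {pid} is a {parent.level} "
                                f"requirement, expected {PARENT_LEVEL[r.level]}")
                continue
            refined.add(pid)
            # A derived requirement may not claim less integrity than its parent.
            if r.sil < parent.sil:
                findings.append(f"{r.rid}: SIL {r.sil} below parent {pid} SIL {parent.sil}")
        # Software requirements must account for the hardware architecture.
        if r.level == "software" and r.allocated_to not in hw_elements:
            findings.append(f"{r.rid}: allocated to unknown hardware element {r.allocated_to!r}")
    # Every allocated overall/system requirement must be refined downwards.
    for r in reqs:
        if r.level in PARENT_LEVEL.values() and r.rid not in refined:
            findings.append(f"{r.rid}: {r.level} requirement is not refined "
                            f"by any lower-level requirement")
    return findings


# Constructed sample data; the last four entries contain deliberate defects.
SAMPLE = [
    Requirement("OSR-1", "overall", 2, "Cut fuel supply within 2 s of flame loss"),
    Requirement("OSR-2", "overall", 1, "Annunciate a trip to the operator"),
    Requirement("SSR-1", "system", 2, "Trip output de-energised within 2 s on both channels", ["OSR-1"]),
    Requirement("SSR-2", "system", 2, "Report channel discrepancy within 500 ms", ["OSR-1"]),
    Requirement("SWR-1", "software", 2, "Channel A trip logic", ["SSR-1"], "CPU-A"),
    Requirement("SWR-2", "software", 2, "Channel B trip logic", ["SSR-1"], "CPU-B"),
    Requirement("SWR-3", "software", 1, "Cross-channel comparison", ["SSR-2"], "CPU-A"),  # SIL dropped
    Requirement("SWR-4", "software", 2, "Watchdog refresh", ["SSR-9"], "CPU-A"),          # dangling parent
    Requirement("SWR-5", "software", 2, "Alarm message", ["OSR-2"], "CPU-C"),             # skips a level, unknown HW
]

if __name__ == "__main__":
    for finding in check_chain(SAMPLE):
        print(finding)
```

Run stand-alone, the script lists five findings: the SIL drop on SWR-3, the missing parent of SWR-4, the level skip and the unknown hardware element of SWR-5, and OSR-2 left without any system-level refinement. The same structure scales to a real requirements database by replacing the constructed list with records exported from the tracking tool.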
It was pointed out earlier that the management and continuous control of the safety requirements through all phases of the life cycle are the most important means of avoiding the introduction of systematic errors into the system. Experience has led to some techniques that make the management and control of safety requirements easier. The main ones are: