Towards Incremental Safety and Security Requirements Co-Certification

The continuous technological developments and the growing connectivity of applications and infrastructures is leading to the new threats to the technological world in particular to the possibility of considering certain threats in environments that were not previously touched by them. Now that many safety critical systems are becoming connected, they need to be protected from security threats. Safety and security engineering and certification evaluation are processes that have evolved independently. However now that security issues may impact safety they need to be analysed together, yet the processes must become more flexible to encourage certification when it is not mandatory. In this paper we sketch an approach for incremental certification of security requirements with Common Criteria in the general context of security/safety co-engineering and certification. The approach is illustrated with a case study.