4 research outputs found
Security Assurance Cases -- State of the Art of an Emerging Approach
Security Assurance Cases (SAC) are a form of structured argumentation used to
reason about the security properties of a system. After the successful adoption
of assurance cases for safety, SACs are getting significant traction in recent
years, especially in safety-critical industries (e.g., automotive), where there
is an increasing pressure to be compliant with several security standards and
regulations. Accordingly, research in the field of SAC has flourished in the
past decade, with different approaches being investigated. In an effort to
systematize this active field of research, we conducted a systematic literature
review (SLR) of the existing academic studies on SAC. Our review resulted in an
in-depth analysis and comparison of 51 papers. Our results indicate that, while
there are numerous papers discussing the importance of security assurance cases
and their usage scenarios, the literature is still immature with respect to
concrete support for practitioners on how to build and maintain a SAC. More
importantly, even though some methodologies are available, their validation and
tool support is still lacking