3 research outputs found
Recommended from our members
Using an assurance case framework to develop security strategy and policies
Assurance cases have been developed to reason and communicate about the trustworthiness of systems. Recently we have also been using them to support the development of policy and to assess the impact of security issues on safety regulation. In the example we present in this paper, we worked with a safety regulator (anonymised as A Regulatory Organisation (ARO) in this paper) to investigate the impact of cyber-security on safety regulation
Recommended from our members
Assurance of open systems dependability: developing a framework for automotive security and safety
We describe how a security informed analysis of the open systems dependability model of DEOS can be used to frame the problem of open systems and security. Together with an approach for analysing industry objectives based on claims, arguments and evidence (CAE), we develop a set of principles and rationale for the security and safety of road transport systems. The associated CAE will provide a generic template for a security informed safety case and supports standardization activities for security-informed safety
Security Assurance Cases -- State of the Art of an Emerging Approach
Security Assurance Cases (SAC) are a form of structured argumentation used to
reason about the security properties of a system. After the successful adoption
of assurance cases for safety, SACs are getting significant traction in recent
years, especially in safety-critical industries (e.g., automotive), where there
is an increasing pressure to be compliant with several security standards and
regulations. Accordingly, research in the field of SAC has flourished in the
past decade, with different approaches being investigated. In an effort to
systematize this active field of research, we conducted a systematic literature
review (SLR) of the existing academic studies on SAC. Our review resulted in an
in-depth analysis and comparison of 51 papers. Our results indicate that, while
there are numerous papers discussing the importance of security assurance cases
and their usage scenarios, the literature is still immature with respect to
concrete support for practitioners on how to build and maintain a SAC. More
importantly, even though some methodologies are available, their validation and
tool support is still lacking