Recommended from our members
The model and implementation of Safety Case Cores
Safety plays a crucial role in modern society. Assuring safe operation is one of the vitally important tasks faced by system developers and experts. The concept of the Safety Case has been evolving for over 20 years. World-famous scientists such as Peter Bishop, Tim Kelly, J Górski and others have made a great impact on the concept and its implementation. The concept has evolved, grown and nowadays become a common and generally accepted practice. However, further research is still needed to develop the approach and make it even more useful, accurate, efficient and, of course, automated.
In this paper we introduce the concept of a Safety Case Core, which can be considered one of the Safety Case methods. We also discuss an approach to assessing the security characteristics of OTS components. In order to help security experts in software assessment, vulnerability tracking and management processes, a special Safety Case Core for assessing OTS components was developed and implemented as a plug-in for the ASCE software tool and as a web service for OTS component assessment.
The paper is structured in the following way: Section 1 provides a definition of the Safety Case Core and describes its structure, model and main concept; Section 2 presents a core for assessing OTS components and gives some implementation details; Sections 3 and 4 describe the implementation of the core as an ASCE plug-in and as a web service for assessing OTS components and tracking vulnerabilities. The paper ends with concluding remarks, future directions and extensions to this work.
Is Chocolate Good for You-or, Is the Cloud Secure?
In assessing the validity of security claims, assurance cases are an effective approach to help refine the claims, collect detailed evidence, narrow options, and structure a convincing and valid argument to justify the resulting decision.
Assessing and Ensuring the Security of Web-Service-Based E-Learning Systems
Analyzing the Dynamics of Software Vulnerability Detection Using a Logistic Curve
Security-Informed Safety: If it's not secure, it's not safe
Traditionally, safety and security have been treated as separate disciplines, but this position is increasingly becoming untenable and stakeholders are beginning to argue that if it’s not secure, it’s not safe. In this paper we present some of the work we have been doing on “security-informed safety”. Our approach is based on the use of structured safety cases, and we discuss the impact that security might have on an existing safety case. We also outline a method we have been developing for assessing the security risks associated with an existing safety system such as a large-scale critical infrastructure.
Security-Informed Safety
Society relies on the safe functioning of computer-based networks and systems, whether in transportation, energy production, banking or medical devices. In some sectors, notably high-hazard ones, achieving and assuring safety is a relatively mature undertaking, although of course we must not be complacent [20,21]. The advent of cyber issues brings enormous challenges and changes to the traditional engineering tempo and approach. This is exacerbated by the increasing sophistication of attackers, the commoditisation of low-end attacks, and the increasing vulnerabilities of digital systems as well as their connectivity, both designed and inadvertent. In our research and practice we have been considering the impact of cyber issues on safety-critical and safety-related computer systems. This article shares some of the issues and lessons learned.
Tool Support for Assurance Case Building Blocks, Providing a Helping Hand with CAE
This paper presents a tool for structuring arguments in assurance cases. The tool is designed to support the methodology of Claims-Arguments-Evidence (CAE) Building Blocks, which provides a series of archetypal CAE fragments to help structure cases more formally and systematically. It assists with the development and maintenance of structured assurance cases by providing facilities to manage CAE blocks and partially automate the generation of claim structures. In addition to the tool, new visual guidelines called the “Helping hand” are provided to assist in applying the building blocks. The tool has been implemented on the Adelard ASCE platform. The target users are assurance case developers and reviewers. The tool and associated methodology can also be useful for people learning how to structure cases in a more rigorous and systematic manner.
Building Blocks for Assurance Cases
The paper introduces an approach to structuring assurance cases using specially designed CAE building blocks. The blocks are derived from an empirical analysis of real case structures and can standardise the presentation of assurance cases by simplifying their architecture. CAE building blocks might also increase the precision and efficiency of the claims in arguments and can be used as self-contained reusable components of formal and semi-formal assurance cases.
Assurance of open systems dependability: developing a framework for automotive security and safety
We describe how a security-informed analysis of the open systems dependability model of DEOS can be used to frame the problem of open systems and security. Together with an approach for analysing industry objectives based on claims, arguments and evidence (CAE), we develop a set of principles and rationale for the security and safety of road transport systems. The associated CAE will provide a generic template for a security-informed safety case and supports standardisation activities for security-informed safety.
Investigation into a Layered Approach to Architecting Security-Informed Safety Cases
The paper describes a layered approach to analysing safety and security in a structured way and creating a security-informed safety case. The approach is applied to a case study – a Security Gateway controlling data flow between two different security domains, implemented with a separation-kernel-based operating system in an avionics environment. We discuss some findings from the case study and show how the approach identifies and ameliorates important interactions between safety and security and supports the development of complex assurance case structures.