A security metric based on security arguments

Rodes, Benjamin D.; Knight, John; Wasson, Kimberly S.

doi:10.1145/2593868.2593880

Cited by 16 publications

(13 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The model that suggests itself in this context is not measurement of an observable property, but rather a quantification of defensible belief using Bayesian, Dempster-Shafer [102], or other similar theories. The relationship between this kind of metric and an assurance case, which also focuses on evidential reasoning, was described in [103].…”

Section: Securitymentioning

confidence: 99%

A Rational Foundation for Software Metrology

Flater¹,

Black²,

Fong³

et al. 2016

View full text Add to dashboard Cite

Section: Securitymentioning

confidence: 99%

A Rational Foundation for Software Metrology

Flater¹,

Black²,

Fong³

et al. 2016

View full text Add to dashboard Cite

“…We also looked into the authors of the selected papers to find the portion of the papers with at least one author from industry. We found that less than 25% (12 papers) (Cockram and Lautieri 2007;Goodger et al 2012;Netkachova et al 2015;Netkachova and Bloomfield 2016;Xu et al 2017;Gacek et al 2014;Rodes et al 2014;Bloomfield et al 2017;Netkachova et al 2014;Gallo and Dahab 2015;Cheah et al 2018;Ionita et al 2017) included at least one author from industry.…”

Section: Descriptive Statisticsmentioning

confidence: 82%

“…We also looked into the authors of the selected papers to find the portion of the papers with at least one author from industry. We found that less than 25% (12 papers) [16,28,51,50,79,24,57,11,49,26,14,38] included at least one author from industry.…”

Section: Descriptive Statisticsmentioning

confidence: 89%

“…The data sources vary among the validations, as can be seen in Table 14. We categorize these sources into three main categories: -Research, open source, and in-house projects (20) (Ankrum and Kromholz 2005;Chindamaikul et al 2014;Cockram and Lautieri 2007;Coffey et al 2014;Gacek et al 2014;Haley et al 2005;Hawkins et al 2015;Mohammadi et al 2018;Netkachova et al 2015;Patu and Yamamoto 2013a;Poreddy and Corns 2011;Ray and Cleaveland 2015;Rodes et al 2014;Shortt and Weber 2015;Sklyar and Kharchenko 2019;Sljivo and Gallina 2016;Strielkina et al 2018;Tippenhauer et al 2014;Vivas et al 2011;Gallo and Dahab 2015) -Commercial products / systems (9) (Ben Othmane and Ali 2016;Ben Othmane et al 2014;Calinescu et al 2017;Cheah et al 2018;Goodger et al 2012;Górski et al 2012;Masumoto et al 2013;Xu et al 2017;Netkachova et al 2014) -Standards, regulation, and technical reports (7) (Bloomfield et al 2017;Cyra and Gorski 2007;Finnegan and McCaffery 2014b;Fung et al 2018;Graydon and Kelly 2013;He and Johnson 2012;Sklyar and Kharchenko 2017b) SACs were presented in 31 out of the 36 validations. Representing a complete SAC is mostly not possible even in small illustrative cases due to the amount of information required ...…”

Section: Weinstock Et Al (2007)mentioning

confidence: 99%

“…For that there needs to be a mechanism to actively assess the quality of the arguments to gain confidence in them. This is not addressed in literature apart from a few studies, e.g., Chindamaikul et al (2014) and Rodes et al (2014). Similarly, the evidence part also needs to be assessed.…”

Section: Lack Of Quality Assurancementioning

confidence: 99%

See 2 more Smart Citations

Security assurance cases—state of the art of an emerging approach

2021

View full text Add to dashboard Cite

Security Assurance Cases (SAC) are a form of structured argumentation used to reason about the security properties of a system. After the successful adoption of assurance cases for safety, SAC are getting significant traction in recent years, especially in safety-critical industries (e.g., automotive), where there is an increasing pressure to be compliant with several security standards and regulations. Accordingly, research in the field of SAC has flourished in the past decade, with different approaches being investigated. In an effort to systematize this active field of research, we conducted a systematic literature review (SLR) of the existing academic studies on SAC. Our review resulted in an in-depth analysis and comparison of 51 papers. Our results indicate that, while there are numerous papers discussing the importance of SAC and their usage scenarios, the literature is still immature with respect to concrete support for practitioners on how to build and maintain a SAC. More importantly, even though some methodologies are available, their validation and tool support is still lacking.

show abstract

Reasoning About Confidence and Uncertainty in Assurance Cases: A Survey

Duan

Rayadurgam

Heimdahl

et al. 2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Assurance cases are structured logical arguments supported by evidence that explain how systems, possibly software systems, satisfy desirable properties for safety, security or reliability. The confidence in both the logical reasoning and the underlying evidence is a factor that must be considered carefully when evaluating an assurance case; the developers must have confidence in their case before the system is delivered and the assurance case reviewer, such as a regulatory body, must have adequate confidence in the case before approving the system for use. A necessary aspect of gaining confidence in the assurance case is dealing with uncertainty, which may have several sources. Uncertainty, often impossible to eliminate, nevertheless undermines confidence and must therefore be sufficiently bounded. It can be broadly classified into two types, aleatory (statistical) and epistemic (systematic). This paper surveys how researchers have reasoned about uncertainty in assurance cases. We analyze existing literature to identify the type of uncertainty addressed and distinguish between qualitative and quantitative approaches for dealing with uncertainty.

show abstract

A security metric based on security arguments

Cited by 16 publications

References 11 publications

A Rational Foundation for Software Metrology

A Rational Foundation for Software Metrology

Security assurance cases—state of the art of an emerging approach

Reasoning About Confidence and Uncertainty in Assurance Cases: A Survey

Contact Info

Product

Resources

About