Assurance Cases as a Didactic Tool for Information Security

Gallo, Roberto; Dahab, Ricardo

doi:10.1007/978-3-319-18500-2_2

Cited by 7 publications

(12 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We also looked into the authors of the selected papers to find the portion of the papers with at least one author from industry. We found that less than 25% (12 papers) (Cockram and Lautieri 2007;Goodger et al 2012;Netkachova et al 2015;Netkachova and Bloomfield 2016;Xu et al 2017;Gacek et al 2014;Rodes et al 2014;Bloomfield et al 2017;Netkachova et al 2014;Gallo and Dahab 2015;Cheah et al 2018;Ionita et al 2017) included at least one author from industry.…”

Section: Descriptive Statisticsmentioning

confidence: 82%

“…The data sources vary among the validations, as can be seen in Table 14. We categorize these sources into three main categories: -Research, open source, and in-house projects (20) (Ankrum and Kromholz 2005;Chindamaikul et al 2014;Cockram and Lautieri 2007;Coffey et al 2014;Gacek et al 2014;Haley et al 2005;Hawkins et al 2015;Mohammadi et al 2018;Netkachova et al 2015;Patu and Yamamoto 2013a;Poreddy and Corns 2011;Ray and Cleaveland 2015;Rodes et al 2014;Shortt and Weber 2015;Sklyar and Kharchenko 2019;Sljivo and Gallina 2016;Strielkina et al 2018;Tippenhauer et al 2014;Vivas et al 2011;Gallo and Dahab 2015) -Commercial products / systems (9) (Ben Othmane and Ali 2016;Ben Othmane et al 2014;Calinescu et al 2017;Cheah et al 2018;Goodger et al 2012;Górski et al 2012;Masumoto et al 2013;Xu et al 2017;Netkachova et al 2014) -Standards, regulation, and technical reports (7) (Bloomfield et al 2017;Cyra and Gorski 2007;Finnegan and McCaffery 2014b;Fung et al 2018;Graydon and Kelly 2013;He and Johnson 2012;Sklyar and Kharchenko 2017b) SACs were presented in 31 out of the 36 validations. Representing a complete SAC is mostly not possible even in small illustrative cases due to the amount of information required ...…”

Section: Weinstock Et Al (2007)mentioning

confidence: 99%

“…Since there is a lack of studies that focus on quality assurance of SAC, we have recommended studies which include some metrics to help assessing SACs in Table 15. Agudo et al (2009), Alexander et al (2011), Ben Othmane et al (2014, Gallo and Dahab (2015), Knight (2015), Netkachova and Bloomfield (2016), Weinstock et al (2007) Argumentation Agudo et al (2009), Ben Othmane and Ali ( 2016 Documentation This block includes making a decision of whether or not to use a tool for modelling the argument and documenting the SAC. If a tool is used, then the notation to be used is limited to the one/s supported by the tool.…”

Section: Sac Creation Workflowmentioning

confidence: 99%

“…Another example is when SACs are suggested as tools to aid in information security education (Gallo and Dahab 2015). This very interesting concept is not supported by a discussion on the required level of detail in the SACs presented to students.…”

Section: Potential For a Wide Range Of Benefitsmentioning

confidence: 99%

See 3 more Smart Citations

Security assurance cases—state of the art of an emerging approach

2021

View full text Add to dashboard Cite

Security Assurance Cases (SAC) are a form of structured argumentation used to reason about the security properties of a system. After the successful adoption of assurance cases for safety, SAC are getting significant traction in recent years, especially in safety-critical industries (e.g., automotive), where there is an increasing pressure to be compliant with several security standards and regulations. Accordingly, research in the field of SAC has flourished in the past decade, with different approaches being investigated. In an effort to systematize this active field of research, we conducted a systematic literature review (SLR) of the existing academic studies on SAC. Our review resulted in an in-depth analysis and comparison of 51 papers. Our results indicate that, while there are numerous papers discussing the importance of SAC and their usage scenarios, the literature is still immature with respect to concrete support for practitioners on how to build and maintain a SAC. More importantly, even though some methodologies are available, their validation and tool support is still lacking.

show abstract

Section: Descriptive Statisticsmentioning

confidence: 82%

Section: Weinstock Et Al (2007)mentioning

confidence: 99%

Section: Sac Creation Workflowmentioning

confidence: 99%

Section: Potential For a Wide Range Of Benefitsmentioning

confidence: 99%

See 2 more Smart Citations

Security assurance cases—state of the art of an emerging approach

2021

View full text Add to dashboard Cite

show abstract

“…The paper [50] considers the effectiveness of the advantage of AC as a framework for teaching information security. AC has been used as one of the tools for students during educational project implementation to improve teaching efficiency.…”

Section: Assurance Case For Knowledge Managementmentioning

confidence: 99%

Assurance Case for Safety and Security Implementation: A Survey of Applications

Sklyar¹,

Kharchenko²

2020

IJC

View full text Add to dashboard Cite

This paper presents a survey of Assurance Case implementation for applications which are not directly related to the usual for Assurance Case regulatory regime. The UK is the country which first developed the theory of Assurance Case as a response to big catastrophes, and most applies Assurance Case regime for many industrial domains. USA, Australia and EU countries apply Assurance Case approach for safety and security regulation and licensing. For the last two decades Assurance Case has been used mostly for confirmation analysis of critical systems with established set of regulatory requirements. There are proven standards of use, notations and tools to support Assurance Case methodology. However, many researchers have tried to find approach to expand Assurance Case application to communicating domains. We group the following directions of Assurance Case applications as the following ones: Assurance Case for attributes assessment such as quality, dependability and, first of all, safety and security, Assurance Case based certification, improvement of argumentation, assurance based development, and Assurance Case for knowledge management. The main challenges and solutions of development and application of Assurance Case methodology, techniques and tools have been analyzed.

show abstract

Development of Structured Arguments for Assurance Case

Sklyar

Kharchenko

2021

Studies in Computational Intelligence

View full text Add to dashboard Cite

Assurance Cases as a Didactic Tool for Information Security

Cited by 7 publications

References 7 publications

Security assurance cases—state of the art of an emerging approach

Security assurance cases—state of the art of an emerging approach

Assurance Case for Safety and Security Implementation: A Survey of Applications

Development of Structured Arguments for Assurance Case

Contact Info

Product

Resources

About