Building multiple-viewpoint assurance cases using assumption/guarantee contracts

Šljivo, Irfan; Gallina, Barbara

doi:10.1145/2993412.3007555

Cited by 4 publications

(16 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This approach combines safety and security principles to create assurance cases with the main goal of achieving acceptable safety. The resulting cases have separate top claims for safety and security followed by separate argumentation; (iv) dynamic assurance cases (Calinescu et al 2017), an approach for generating arguments and evidence based on run-time patterns for the assurance cases of self-adaptive systems; (v) multiple viewpoint assurance cases where security is treated as an assurance viewpoint (Sljivo and Gallina 2016). The approach suggests to reuse AC artefacts by building multipleviewpoint AC using contracts, and introduces an algorithm for a model transformation from a contract meta model into an argumentation meta model; and (vi) dependability cases with focus on security (Patu and Yamamoto 2013a).…”

Section: Rq2: Approachesmentioning

confidence: 99%

“…The most common types of evidence reported in literature are test results (TR) (12 papers) (Ben Othmane and Ali 2016; Calinescu et al 2017;Cheah et al 2018;Chindamaikul et al 2014;Lipson and Weinstock 2008;Poreddy and Corns 2011;Shortt and Weber 2015;Sklyar and Kharchenko 2016, 2017a, b, 2019Sljivo and Gallina 2016) and different types of analysis. These analysis include threat and vulnerability (TVA) (Cockram and Lautieri 2007;McCaffery 2014a, b, Patu andYamamoto 2013a), code (CA) and bug (BA) (Chindamaikul et al 2014;Ben Othmane and Ali 2016;Sklyar and Kharchenko 2016, 2017a, b, 2019, security standards and policies (PA) (Agudo et al 2009;Netkachova et al 2015), risk (RA) (Mohammadi et al 2018), and log analysis (LA) (Mohammadi et al 2018;Patu and Yamamoto 2013a).…”

Section: Evidencementioning

confidence: 99%

“…There are 17 reported prerequisites. The majority belong to approaches (11) (Chindamaikul et al 2014;Cockram and Lautieri 2007;Cyra and Gorski 2007;Hawkins et al 2015;Patu and Yamamoto 2013a;Ankrum and Kromholz 2005;Cheah et al 2018;Sljivo and Gallina 2016;Tippenhauer et al 2014;Vivas et al 2011;Xu et al 2017) while the remaining ones belong to usage scenarios (2) (Bloomfield et al 2017;Goodger et al 2012), patterns (2) (Patu and Yamamoto 2013b;He and Johnson 2012), and tools (1) (Gacek et al 2014). We categorize prerequisites as follows: The studies in this category require the existence or performing certain analysis and models to achieve their purpose.…”

Section: Prerequisitesmentioning

confidence: 99%

“…The data sources vary among the validations, as can be seen in Table 14. We categorize these sources into three main categories: -Research, open source, and in-house projects (20) (Ankrum and Kromholz 2005;Chindamaikul et al 2014;Cockram and Lautieri 2007;Coffey et al 2014;Gacek et al 2014;Haley et al 2005;Hawkins et al 2015;Mohammadi et al 2018;Netkachova et al 2015;Patu and Yamamoto 2013a;Poreddy and Corns 2011;Ray and Cleaveland 2015;Rodes et al 2014;Shortt and Weber 2015;Sklyar and Kharchenko 2019;Sljivo and Gallina 2016;Strielkina et al 2018;Tippenhauer et al 2014;Vivas et al 2011;Gallo and Dahab 2015) -Commercial products / systems (9) (Ben Othmane and Ali 2016;Ben Othmane et al 2014;Calinescu et al 2017;Cheah et al 2018;Goodger et al 2012;Górski et al 2012;Masumoto et al 2013;Xu et al 2017;Netkachova et al 2014) -Standards, regulation, and technical reports (7) (Bloomfield et al 2017;Cyra and Gorski 2007;Finnegan and McCaffery 2014b;Fung et al 2018;Graydon and Kelly 2013;He and Johnson 2012;Sklyar and Kharchenko 2017b) SACs were presented in 31 out of the 36 validations. Representing a complete SAC is mostly not possible even in small illustrative cases due to the amount of information required ...…”

Section: Weinstock Et Al (2007)mentioning

confidence: 99%

“…We have seen in many cases that the approaches presented in literature treat security and safety cases as the same, e.g., Chindamaikul et al (2014), Graydon and Kelly (2013), Hawkins et al (2015), Sljivo and Gallina (2016), Goodger et al (2012, Ankrum and Kromholz (2005), Gacek et al (2014) and Kharchenko (2017b, 2019). We believe that since assurance cases in general are mature in the safety domain and have been used for a long time, it is natural to consider the gained knowledge and transfer it into other domains, such as security.…”

Section: Security Might Differ From Safetymentioning

confidence: 99%

See 4 more Smart Citations

Security assurance cases—state of the art of an emerging approach

2021

View full text Add to dashboard Cite

Security Assurance Cases (SAC) are a form of structured argumentation used to reason about the security properties of a system. After the successful adoption of assurance cases for safety, SAC are getting significant traction in recent years, especially in safety-critical industries (e.g., automotive), where there is an increasing pressure to be compliant with several security standards and regulations. Accordingly, research in the field of SAC has flourished in the past decade, with different approaches being investigated. In an effort to systematize this active field of research, we conducted a systematic literature review (SLR) of the existing academic studies on SAC. Our review resulted in an in-depth analysis and comparison of 51 papers. Our results indicate that, while there are numerous papers discussing the importance of SAC and their usage scenarios, the literature is still immature with respect to concrete support for practitioners on how to build and maintain a SAC. More importantly, even though some methodologies are available, their validation and tool support is still lacking.

show abstract

Section: Rq2: Approachesmentioning

confidence: 99%

Section: Evidencementioning

confidence: 99%

Section: Prerequisitesmentioning

confidence: 99%

Section: Weinstock Et Al (2007)mentioning

confidence: 99%

Section: Security Might Differ From Safetymentioning

confidence: 99%

See 3 more Smart Citations

Security assurance cases—state of the art of an emerging approach

2021

View full text Add to dashboard Cite

show abstract

Recommendations for Effective Security Assurance of Software-Dependent Systems

Jaskolka

2020

Advances in Intelligent Systems and Computing

View full text Add to dashboard Cite

Continuous Deployment for Dependable Systems with Continuous Assurance Cases

Warg

Blom

Borg

2019

2019 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)

View full text Add to dashboard Cite

An assurance case contains a structured argument supported by evidence, demonstrating that a system fulfils a certain quality attribute such as safety, cybersecurity or reliability. The traditional way of building assurance cases is, however, not well suited to continuous deployment, and difficult to maintain with a product structure where many variants and frequent new versions must be managed. By integrating the assurance work with product development in continuous assurance cases, which are updated and assessed iteratively, we claim continuous deployment of dependability-critical products is possible to achieve. In this paper we propose a work process combining the use of component-based design, contracts, modular assurance cases, and continuous assessment to enable continuous deployment in the context of product lines.

show abstract

Building multiple-viewpoint assurance cases using assumption/guarantee contracts

Cited by 4 publications

References 6 publications

Security assurance cases—state of the art of an emerging approach

Security assurance cases—state of the art of an emerging approach

Recommendations for Effective Security Assurance of Software-Dependent Systems

Continuous Deployment for Dependable Systems with Continuous Assurance Cases

Contact Info

Product

Resources

About