Advanced Security Assurance Case Based on ISO/IEC 15408

Potii, Oleksandr Volodymyrovych; Illiashenko, Oleg; Комін, Д.С.

doi:10.1007/978-3-319-19216-1_37

Cited by 31 publications

(5 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…At the same time, CubeSat systems, including ground stations, communication signals, and CubeSat spacecraft, are subject to various cyberattacks, the classification of which is given by the standard ISO/IEC 15408 [21]. There are various papers that analyze [22] and propose methods for analyzing CubeSat security threats and solving those, for example, based on the analysis of attack trees [23].…”

Section: Why the Cubesat Software Is Complex To Develop?mentioning

confidence: 99%

Agile Software Development Lifecycle and Containerization Technology for CubeSat Command and Data Handling Module Implementation

Liubimov,

Turkin,

Pavlikov

et al. 2023

Computation

View full text Add to dashboard Cite

As a subclass of nanosatellites, CubeSats have changed the game’s rules in the scientific research industry and the development of new space technologies. The main success factors are their cost effectiveness, relative ease of production, and predictable life cycle. CubeSats are very important for training future engineers: bachelor’s and master’s students of universities. At the same time, using CubeSats is a cost-effective method of nearest space exploration and scientific work. However, many issues are related to efficient time-limited development, software and system-level quality assurance, maintenance, and software reuse. In order to increase the flexibility and reduce the complexity of CubeSat projects, this article proposes a “hybrid” development model that combines the strengths of two approaches: the agile-a-like model for software and the waterfall model for hardware. The paper proposes a new computing platform solution, “Falco SBC/CDHM”, based on Microchip (Atmel) ATSAMV71Q21 with improved performance. This type of platform emphasizes low-cost space hardware that can compete with space-grade platforms. The paper substantiates the architecture of onboard software based on microservices and containerization to break down complex software into relatively simple components that undergraduates and graduates can handle within their Master’s studies, and postgraduates can use for scientific space projects. The checking of the effectiveness of the microservice architecture and the new proposed platform was carried out experimentally, involving the time spent on executing three typical algorithms of different algorithmic complexities. Algorithms were implemented using native C (Bare-metal) and WASM3 on FreeRTOS containers on two platforms, and performance was measured on both “Falco” and “Pi Pico” by Raspberry. The experiment confirmed the feasibility of the complex application of the “hybrid” development model and microservices and container-based architecture. The proposed approach makes it possible to develop complex software in teams of inexperienced students, minimize risks, provide reusability, and thus increase the attractiveness of CubeSat student projects.

show abstract

Section: Why the Cubesat Software Is Complex To Develop?mentioning

confidence: 99%

Agile Software Development Lifecycle and Containerization Technology for CubeSat Command and Data Handling Module Implementation

Liubimov,

Turkin,

Pavlikov

et al. 2023

Computation

View full text Add to dashboard Cite

show abstract

“…It is advisable to collect and analyze information on various criteria for their inclusion in the general database; • Development of tools and case-oriented methods for assessing the quality of AI, AI systems, and AI platforms [120]. They can be based on general assurance case approaches [121,122] as well as functional and cybersecurity assessment approaches [123] Funding: This research received no external funding.…”

Section: Future Researchmentioning

confidence: 99%

Quality Models for Artificial Intelligence Systems: Characteristic-Based Approach, Development and Application

Kharchenko

Fesenko

Illiashenko

2022

Sensors

Self Cite

View full text Add to dashboard Cite

The factors complicating the specification of requirements for artificial intelligence systems (AIS) and their verification for the AIS creation and modernization are analyzed. The harmonization of definitions and building of a hierarchy of AIS characteristics for regulation of the development of techniques and tools for standardization, as well as evaluation and provision of requirements during the creation and implementation of AIS, is extremely important. The study aims to develop and demonstrate the use of quality models for artificial intelligence (AI), AI platform (AIP), and AIS based on the definition and ordering of characteristics. The principles of AI quality model development and its sequence are substantiated. Approaches to formulating definitions of AIS characteristics, methods of representation of dependencies, and hierarchies of characteristics are given. The definitions and harmonization options of hierarchical relations between 46 characteristics of AI and AIP are suggested. The quality models of AI, AIP, and AIS presented in analytical, tabular, and graph forms, are described. The so-called basic models with reduced sets of the most important characteristics are presented. Examples of AIS quality models for UAV video navigation systems and decision support systems for diagnosing diseases are described.

show abstract

“…Because these methodologies do not consider the operating conditions of the system, they cannot be directly applied to a system, and the assistance of security experts is needed. Some regulations and standards documents for information systems indicate security threats and countermeasures; ISO 27 001, ISO 15 408, and BSI catalogs are typical examples [19][20][21]. ese standards documents provide security countermeasures similar to RG 5.71, but they do not present methods for applying and implementing them.…”

Section: Related Workmentioning

confidence: 99%

Compliance-Driven Cybersecurity Planning Based on Formalized Attack Patterns for Instrumentation and Control Systems of Nuclear Power Plants

Lee

Kwon

Yoon

2022

Security and Communication Networks

View full text Add to dashboard Cite

The instrumentation and control (I&C) system of a nuclear power plant (NPP) employs a cybersecurity program regulated by the government. Through regulation, the government requires the implementation of security controls in order for a system to be developed and operated. Accordingly, the licensee of an NPP works to comply with this requirement, beginning in the development phase. The compliance-driven approach is efficient when the government supervises NPPs, but it is inefficient when a licensee constructs them. The security controls described in regulatory guidance do not consider system characteristics. In other words, the development organization spends a considerable amount of time excluding unnecessary control items and preparing the evidence to justify their exclusion. In addition, security systems can vary according to the developer’s level of security knowledge, leading to differences in levels of security between systems. This paper proposes a method for a developer to select the appropriate security controls when preparing the security requirements during the early development phase; it is designed to ensure the system’s security and reduce the cost of excluding unnecessary security controls. We have formalized the representation of attack patterns and security control patterns and identified the relationships between these patterns. We conducted a case study applying RG 5.71 in the Plant Protection System (PPS) to confirm the validity of the proposed method.

show abstract

Advanced Security Assurance Case Based on ISO/IEC 15408

Cited by 31 publications

References 6 publications

Agile Software Development Lifecycle and Containerization Technology for CubeSat Command and Data Handling Module Implementation

Agile Software Development Lifecycle and Containerization Technology for CubeSat Command and Data Handling Module Implementation

Quality Models for Artificial Intelligence Systems: Characteristic-Based Approach, Development and Application

Compliance-Driven Cybersecurity Planning Based on Formalized Attack Patterns for Instrumentation and Control Systems of Nuclear Power Plants

Contact Info

Product

Resources

About