Building Blocks for Assurance Cases

Bloomfield, Robin; Netkachova, Kateryna

doi:10.1109/issrew.2014.72

Cited by 30 publications

(26 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The basic concepts of CAE are supported by an international standard [3] and industry guidance [4]. A recent comprehensive review [15,16]and analysis of assurance cases is provided by John Rushby in [14].…”

Section: Resultsmentioning

confidence: 99%

Security-Informed Safety

Netkachova

Bloomfield

2016

Computer

View full text Add to dashboard Cite

This is the accepted version of the paper.This version of the publication may differ from the final published version. Society relies on the safe functioning of computer based networks and systems whether it is in transportation, in energy production, banking or in medical devices. In some sectors, notably high hazard ones, achieving and assuring safety is a relatively mature undertaking -although of course we must not be complacent [20,21]. The advent of cyber issues brings enormous challenges and changes to the traditional engineering tempo and approach. This is exacerbated by the increasing sophistication of attackers, the commoditisation of low-end attacks, the increasing vulnerabilities of digital systems as well as their connectivity -both designed and inadvertent. In our research and practice we have been considering the impact of cyber issues on safety critical and safety related computer systems 1 . This article shares some of the issues and lessons learned. Permanent repository link

show abstract

Section: Resultsmentioning

confidence: 99%

Security-Informed Safety

Netkachova

Bloomfield

2016

Computer

View full text Add to dashboard Cite

show abstract

“…The next steps will be towards additional formalisation of the reasoning within the securityinformed safety cases and the development of templates using the CAE Blocks [4] as well as exploring their linking them to formal models. Additionally, issues related to compositionality and traceability between layers would need to be addressed in more detail.…”

Section: Resultsmentioning

confidence: 99%

Investigation into a layered approach to architecting security-informed safety cases

Netkachova

Müller

Paulitsch

et al. 2015

2015 IEEE/AIAA 34th Digital Avionics Systems Conference (DASC)

Self Cite

View full text Add to dashboard Cite

The paper describes a layered approach to analysing safety and security in a structured way and creating a security-informed safety case. The approach is applied to a case study -a Security Gateway controlling data flow between two different security domains implemented with a separation kernel based operating system in an avionics environment. We discuss some findings from the case study, show how the approach identifies and ameliorates important interactions between safety and security and supports the development of complex assurance case structures.

show abstract

“…Over the past five years or so we have been researching the impact security has on safety assurance and have been developing enhancements to the Claims, Arguments and Evidence (CAE) approach [1][2][3] to deal with some of the challenges posed by the need for increased rigour and complexity of systems. This supports the evaluation we have been doing of critical infrastructure security and safety e.g., [4].…”

Section: Introductionmentioning

confidence: 99%

“…As shown above, we used the CAE Blocks [3] as a structuring mechanism. These were presented informally without side conditions.…”

mentioning

confidence: 99%

Using an Assurance Case Framework to Develop Security Strategy and Policies

Bloomfield

Bishop

Butler

et al. 2017

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

This is the accepted version of the paper.This version of the publication may differ from the final published version. Abstract. Assurance cases have been developed to reason and communicate about the trustworthiness of systems. Recently we have also been using them to support the development of policy and to assess the impact of security issues on safety regulation. In the example we present in this paper, we worked with a safety regulator (anonymised as A Regulatory Organisation (ARO) in this paper) to investigate the impact of cyber-security on safety regulation. Permanent

show abstract

Building Blocks for Assurance Cases

Cited by 30 publications

References 6 publications

Security-Informed Safety

Security-Informed Safety

Investigation into a layered approach to architecting security-informed safety cases

Using an Assurance Case Framework to Develop Security Strategy and Policies

Contact Info

Product

Resources

About