Security assurance cases for road vehicles

Mohamad, Mazen; Åström, Alexander; Askerdal, Örjan; Borg, Jörgen; Scandariato, Riccardo

doi:10.1145/3407023.3407033

Cited by 7 publications

(5 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…And even though the standard does not actually identify a specific method to build the case it has a clear objective by conveying that it shall be created to provide the argument for the cybersecurity of the item or component, supported by work products, and that it can be created by combining customer supplier cybersecurity cases but most also support post-development. The standard has a clause focused on operations and maintenance, in this section the relation of prerequisites for post development are relevant, and how it must be used in the instant of delivering updates [26] [27]. Section 6 specifically mentions the need of a cybersecurity case while Section 9 details the concept phase, by (1) defining the operational environment, (2) specifying the cybersecurity goals and claims and (3) specifying the cybersecurity requirements.…”

Section: Methods and Toolsmentioning

confidence: 99%

Application of an Automotive Assurance Case Approach to Autonomous Marine Vessel Security

Cobos

Miao

Sowka

et al. 2022

2022 International Conference on Electrical, Computer, Communications and Mechatronics Engineering (ICECCME)

View full text Add to dashboard Cite

The increase of autonomy in autonomous surface vehicles development brings along modified and new risks and potential hazards, this in turn, introduces the need for processes and methods for ensuring that systems are acceptable for their intended use with respect to dependability and safety concerns. One approach for evaluating software requirements for claims of safety is to employ an assurance case. Much like a legal case, the assurance case lays out an argument and supporting evidence to provide assurance on the software requirements. This paper analyses safety and security requirements relating to autonomous vessels, and regulations in the automotive industry and the marine industry before proposing a generic cybersecurity and safety assurance case that takes a general graphical approach of Goal Structuring Notation (GSN).

show abstract

Section: Methods and Toolsmentioning

confidence: 99%

Application of an Automotive Assurance Case Approach to Autonomous Marine Vessel Security

Cobos

Miao

Sowka

et al. 2022

2022 International Conference on Electrical, Computer, Communications and Mechatronics Engineering (ICECCME)

View full text Add to dashboard Cite

show abstract

“…In particular, we are interested in whether there are statements that go beyond the intuitive rationale of using SAC "for security assurance". For instance, our initial research (Mohamad et al 2020) indicated that compliance with security standards and regulations is also an important driver. As shown in Table 1, to answer this research question we analyze the surveyed papers and extract two characteristics: assess security level of product or service, obtain certification, .…”

Section: Research Questions and Assessment Criteriamentioning

confidence: 99%

“…Without having an in-depth knowledge of the specific regulation or standard, it is hard to determine whether SACs are explicitly required, or rather just recommended as a way to create a structured argument for security. Incidentally, in our own previous work we have tried to demystify this issue in the context of automotive systems (Mohamad et al 2020). Furthermore, some studies suggest that SACs can be used for evaluating the level of security of a system by assigning measurements to the elements of the cases, e.g., the evidence.…”

Section: Potential For a Wide Range Of Benefitsmentioning

confidence: 99%

“…An obvious question to ask is: why are SACs not more widely adopted in industry even though there are so many motivations and usage scenarios for them in literature? It has already been shown that adopting SACs is nontrivial (Mohamad et al 2020). It requires a substantial amount of effort and time, which grows as the systems become more complex.…”

Section: Potential For a Wide Range Of Benefitsmentioning

confidence: 99%

“…Furthermore, there is a lack of studies covering what comes after the creation of SAC. In particular, for SAC to be useful, they have to be updated and maintained throughout the life-cycles of the products and systems they target, otherwise, they become obsolete (Mohamad et al 2020). Particularly, there need to be traceable links between the created SACs and the artefacts of these products and systems.…”

Section: Imbalance In Coveragementioning

confidence: 99%

See 2 more Smart Citations

Security assurance cases—state of the art of an emerging approach

2021

Self Cite

View full text Add to dashboard Cite

Security Assurance Cases (SAC) are a form of structured argumentation used to reason about the security properties of a system. After the successful adoption of assurance cases for safety, SAC are getting significant traction in recent years, especially in safety-critical industries (e.g., automotive), where there is an increasing pressure to be compliant with several security standards and regulations. Accordingly, research in the field of SAC has flourished in the past decade, with different approaches being investigated. In an effort to systematize this active field of research, we conducted a systematic literature review (SLR) of the existing academic studies on SAC. Our review resulted in an in-depth analysis and comparison of 51 papers. Our results indicate that, while there are numerous papers discussing the importance of SAC and their usage scenarios, the literature is still immature with respect to concrete support for practitioners on how to build and maintain a SAC. More importantly, even though some methodologies are available, their validation and tool support is still lacking.

show abstract