Supporting Assurance by Evidence-Based Argument Services

Górski, Janusz; Jarzębowicz, Aleksander; Miler, Jakub; Micha,; Witkowicz,; Czyżnikiewicz, Jakub; Jar, Patryk

doi:10.1007/978-3-642-33675-1_39

Cited by 13 publications

(8 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Besides the Claims-Arguments-Evidence (CAE) notation [2], NOR-STA notation [34], and the concrete syntax for SACM [36], the GSN notation [68] is the most prominent graphical syntax for expressing assurance cases. GSN is "a graphical argument-notation which can be used to document explicitly the elements, and the structure of an argument and the argument's relationship to evidence" [68].…”

Section: Goal-structuring Notationmentioning

confidence: 99%

Product-line assurance cases from contract-based design

Nešić

Nyberg

Gallina

2021

Journal of Systems and Software

View full text Add to dashboard Cite

Assurance cases are used to argue in a structured, and evidence-supported way, that a property such as safety or security is satisfied by a system. In some domains however, instead of single systems, product lines with many system-variants are engineered, to satisfy the needs of different customers. In such context, singlesystem methods for assurance-case creation suffer from scalability issues because the underlying assumption is that the evidence and arguments can be created per system variant. This paper presents a novel method for product-line assurance-case creation where all the arguments and the evidence are created without analyzing each system variant. Consequently, the effort to create an assurance case scales with the complexity of system variants, instead with their number. The method is based on a contract-based design framework for cyber-physical systems, which is extended to define the conditions under which all system variants satisfy a particular property. These conditions are used to define an assurance-case pattern, which can be instantiated for arbitrary product lines. Moreover, the defined pat-PRODUCT-LINE ASSURANCE CASES tern is modular to enable step-wise assurance-case creation. Finally, an exploratory case study is performed on a real product-line from the heavy-vehicle manufacturer Scania to evaluate the applicability of the presented method.

show abstract

Section: Goal-structuring Notationmentioning

confidence: 99%

Product-line assurance cases from contract-based design

Nešić

Nyberg

Gallina

2021

Journal of Systems and Software

View full text Add to dashboard Cite

show abstract

“…-Using different types of AC for security: These approaches suggest using different types of assurance cases other than SAC for security assurance. These types are: (i) trust cases, which are based on assurance cases templates derived from the requirements of security standards (Cyra and Gorski 2007); (ii) trustworthiness cases, which focus mainly on addressing users' trust requirements (Górski et al 2012;Mohammadi et al 2018); and (iii) combined safety and security cases (Cockram and Lautieri 2007). This approach combines safety and security principles to create assurance cases with the main goal of achieving acceptable safety.…”

Section: Rq2: Approachesmentioning

confidence: 99%

“…The data sources vary among the validations, as can be seen in Table 14. We categorize these sources into three main categories: -Research, open source, and in-house projects (20) (Ankrum and Kromholz 2005;Chindamaikul et al 2014;Cockram and Lautieri 2007;Coffey et al 2014;Gacek et al 2014;Haley et al 2005;Hawkins et al 2015;Mohammadi et al 2018;Netkachova et al 2015;Patu and Yamamoto 2013a;Poreddy and Corns 2011;Ray and Cleaveland 2015;Rodes et al 2014;Shortt and Weber 2015;Sklyar and Kharchenko 2019;Sljivo and Gallina 2016;Strielkina et al 2018;Tippenhauer et al 2014;Vivas et al 2011;Gallo and Dahab 2015) -Commercial products / systems (9) (Ben Othmane and Ali 2016;Ben Othmane et al 2014;Calinescu et al 2017;Cheah et al 2018;Goodger et al 2012;Górski et al 2012;Masumoto et al 2013;Xu et al 2017;Netkachova et al 2014) -Standards, regulation, and technical reports (7) (Bloomfield et al 2017;Cyra and Gorski 2007;Finnegan and McCaffery 2014b;Fung et al 2018;Graydon and Kelly 2013;He and Johnson 2012;Sklyar and Kharchenko 2017b) SACs were presented in 31 out of the 36 validations. Representing a complete SAC is mostly not possible even in small illustrative cases due to the amount of information required ...…”

Section: Weinstock Et Al (2007)mentioning

confidence: 99%

See 1 more Smart Citation

Security assurance cases—state of the art of an emerging approach

2021

View full text Add to dashboard Cite

Security Assurance Cases (SAC) are a form of structured argumentation used to reason about the security properties of a system. After the successful adoption of assurance cases for safety, SAC are getting significant traction in recent years, especially in safety-critical industries (e.g., automotive), where there is an increasing pressure to be compliant with several security standards and regulations. Accordingly, research in the field of SAC has flourished in the past decade, with different approaches being investigated. In an effort to systematize this active field of research, we conducted a systematic literature review (SLR) of the existing academic studies on SAC. Our review resulted in an in-depth analysis and comparison of 51 papers. Our results indicate that, while there are numerous papers discussing the importance of SAC and their usage scenarios, the literature is still immature with respect to concrete support for practitioners on how to build and maintain a SAC. More importantly, even though some methodologies are available, their validation and tool support is still lacking.

show abstract

“…We have used NOR-STA assurance case tool [13] to develop the integrated assurance and confidence arguments. The tool has been developed at Gdańsk University of Technology (GUT) and is using TCL notation (Trust Case Language).…”

Section: Fig 2 General Schema Of Argument Integrationmentioning

confidence: 99%

Integrating Confidence and Assurance Arguments

Jarzbowicz

Wardziński

2015

10th IET System Safety and Cyber-Security Conference 2015

View full text Add to dashboard Cite

To be considered compelling an assurance case should address its potential deficits, possibly with the use of a confidence argument. Assurance argument and confidence argument should be clearly separated and consistent at the same time. We propose a way of their integration with the use of an element representing rationale for each argumentation strategy. The rationale integrates confidence argument for a given argumentation step and can be used to demonstrate strength of the argument. The approach is illustrated with a confidence argument development case study. The confidence argument has been created for defeaters identified with the use of a checklist.

show abstract

Supporting Assurance by Evidence-Based Argument Services

Cited by 13 publications

References 6 publications

Product-line assurance cases from contract-based design

Product-line assurance cases from contract-based design

Security assurance cases—state of the art of an emerging approach

Integrating Confidence and Assurance Arguments

Contact Info

Product

Resources

About