CASCADE: An Asset-driven Approach to Build Security Assurance Cases for Automotive Systems

IF 2 Q3 COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS ACM Transactions on Cyber-Physical Systems Pub Date : 2022-11-16 DOI:10.1145/3569459
Mazen Mohamad, Rodi Jolak, Örjan Askerdal, Jan-Philipp Steghöfer, R. Scandariato
{"title":"CASCADE: An Asset-driven Approach to Build Security Assurance Cases for Automotive Systems","authors":"Mazen Mohamad, Rodi Jolak, Örjan Askerdal, Jan-Philipp Steghöfer, R. Scandariato","doi":"10.1145/3569459","DOIUrl":null,"url":null,"abstract":"Security Assurance Cases (SAC) are structured arguments and evidence bodies used to reason about the security of a certain system. SACs are gaining focus in the automotive industry, as the needs for security assurance are growing in this domain. However, the state-of-the-arts lack a mature approach able to suit the needs of the automotive industry. In this article, we present CASCADE, an asset-driven approach for creating SAC, which is inspired by the upcoming security standard ISO/SAE-21434 as well as the internal needs of automotive Original Equipment Manufacturers (OEMs). CASCADE also differentiates itself from the state-of-the-art by incorporating a way to reason about the quality of the constructed security assurance case. We created the approach by conducting an iterative design science research study. We illustrate the results using the example case of the road vehicle’s headlamp provided in the ISO standard. We also illustrate how our approach aligns well with the structure and content of the ISO/SAE-21434 standard, hence demonstrating the practical applicability of CASCADE in an industrial context.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":" ","pages":"1 - 26"},"PeriodicalIF":2.0000,"publicationDate":"2022-11-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Cyber-Physical Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3569459","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS","Score":null,"Total":0}
引用次数: 1

Abstract

Security Assurance Cases (SAC) are structured arguments and evidence bodies used to reason about the security of a certain system. SACs are gaining focus in the automotive industry, as the needs for security assurance are growing in this domain. However, the state-of-the-arts lack a mature approach able to suit the needs of the automotive industry. In this article, we present CASCADE, an asset-driven approach for creating SAC, which is inspired by the upcoming security standard ISO/SAE-21434 as well as the internal needs of automotive Original Equipment Manufacturers (OEMs). CASCADE also differentiates itself from the state-of-the-art by incorporating a way to reason about the quality of the constructed security assurance case. We created the approach by conducting an iterative design science research study. We illustrate the results using the example case of the road vehicle’s headlamp provided in the ISO standard. We also illustrate how our approach aligns well with the structure and content of the ISO/SAE-21434 standard, hence demonstrating the practical applicability of CASCADE in an industrial context.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
CASCADE:建立汽车系统安全保障案例的资产驱动方法
安全保证案例(SAC)是用于对某个系统的安全性进行推理的结构化论点和证据机构。随着汽车行业对安全保障的需求不断增长,SAC在汽车行业越来越受到关注。然而,现有技术缺乏能够满足汽车行业需求的成熟方法。在本文中,我们介绍了CASCADE,这是一种创建SAC的资产驱动方法,其灵感来自即将推出的安全标准ISO/SAE-21434以及汽车原始设备制造商(OEM)的内部需求。CASCADE还通过引入一种对构建的安全保证案例的质量进行推理的方式,将自己与最先进的技术区分开来。我们通过进行迭代设计科学研究创造了这种方法。我们使用ISO标准中提供的道路车辆前照灯的示例案例来说明结果。我们还说明了我们的方法如何与ISO/SAE-21434标准的结构和内容保持一致,从而证明了CASCADE在工业环境中的实际适用性。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
ACM Transactions on Cyber-Physical Systems
ACM Transactions on Cyber-Physical Systems COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS-
CiteScore
5.70
自引率
4.30%
发文量
40
期刊最新文献
On Cyber-Physical Fault Resilience in Data Communication: A Case From A LoRaWAN Network Systems Design DistressNet-NG: A Resilient Data Storage and Sharing Framework for Mobile Edge Computing in Cyber-Physical Systems A Blockchain Architecture to Increase the Resilience of Industrial Control Systems from the Effects of a Ransomware Attack: A Proposal and Initial Results A Combinatorial Optimization Analysis Method for Detecting Malicious Industrial Internet Attack Behaviors Statistical Verification using Surrogate Models and Conformal Inference and a Comparison with Risk-aware Verification
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1