{"title":"A New Method for Writing Assurance Cases","authors":"Y. Matsuno, Shuichiro Yamamoto","doi":"10.4018/JSSE.2013010103","DOIUrl":null,"url":null,"abstract":"In this paper, the authors present a new method for writing assurance cases. Assurance cases are documented bodies of evidence that provide a convincing and valid argument that a system is adequately dependable for a given application in a given environment. Assurance cases have been used mostly in the safety field, but are now beginning to be widely applied in other areas. Cyber security is one such area, and recently, assuring security of cyber systems has become crucial. Several methods and various guidelines for writing assurance cases have been used. Unfortunately, only experts are currently able to write assurance cases, and it is still difficult for ordinary engineers to write them. This paper presents a new method for writing assurance cases. The main ideas are that (1) documents generated and used during the system lifecycle must be either used by the assurance cases or must be referred to in the assurance cases, and (2) typical patterns exist for assurance cases, and these patterns have not yet been well discussed. This paper presents the preliminary steps in developing a method for writing assurance cases. The authors also report on a preliminary experiment carried out on a web server demo system.","PeriodicalId":89158,"journal":{"name":"International journal of secure software engineering","volume":"402 1","pages":"31-49"},"PeriodicalIF":0.0000,"publicationDate":"2013-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International journal of secure software engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4018/JSSE.2013010103","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 9
Abstract
In this paper, the authors present a new method for writing assurance cases. Assurance cases are documented bodies of evidence that provide a convincing and valid argument that a system is adequately dependable for a given application in a given environment. Assurance cases have been used mostly in the safety field, but are now beginning to be widely applied in other areas. Cyber security is one such area, and recently, assuring security of cyber systems has become crucial. Several methods and various guidelines for writing assurance cases have been used. Unfortunately, only experts are currently able to write assurance cases, and it is still difficult for ordinary engineers to write them. This paper presents a new method for writing assurance cases. The main ideas are that (1) documents generated and used during the system lifecycle must be either used by the assurance cases or must be referred to in the assurance cases, and (2) typical patterns exist for assurance cases, and these patterns have not yet been well discussed. This paper presents the preliminary steps in developing a method for writing assurance cases. The authors also report on a preliminary experiment carried out on a web server demo system.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
