Advanced Security Assurance Case Based on ISO/IEC 15408

  • Conference paper
Theory and Engineering of Complex Systems and Dependability (DepCoS-RELCOMEX 2015)

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 365)

Abstract

Assessing and assuring conformity with regulatory documents carries a significant cost in modern economies. Demonstrating compliance with security standards involves providing evidence that the standards’ security criteria are met in full, substantiating the appropriate decision. Nevertheless, despite its importance, this type of activity has not been addressed adequately by the available solutions, and the tool support given to conformity assessment and assurance processes is rather poor. International standards do not contain any formal technique for security evaluation, which makes the evaluation process complicated and one-sided. This article proposes an approach to security assurance evaluation, the Advanced Security Assurance Case (ASAC), based on a refined definition of the existing assurance case structure.

Author information

Corresponding author

Correspondence to Oleksandr Potii.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Potii, O., Illiashenko, O., Komin, D. (2015). Advanced Security Assurance Case Based on ISO/IEC 15408. In: Zamojski, W., Mazurkiewicz, J., Sugier, J., Walkowiak, T., Kacprzyk, J. (eds) Theory and Engineering of Complex Systems and Dependability. DepCoS-RELCOMEX 2015. Advances in Intelligent Systems and Computing, vol 365. Springer, Cham. https://doi.org/10.1007/978-3-319-19216-1_37

  • DOI: https://doi.org/10.1007/978-3-319-19216-1_37

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-19215-4

  • Online ISBN: 978-3-319-19216-1

  • eBook Packages: Engineering, Engineering (R0)
