Assurance Cases for Road Vehicles: an Industry Perspective
Paper in proceeding, 2020

Assurance cases are structured arguments that are commonly used to reason about the safety of a product or service. Currently, there is an ongoing push towards using assurance cases for also cybersecurity, especially in safety critical domains, like automotive. While the industry is faced with the challenge of defining a sound methodology to build security assurance cases, the state of the art is rather immature. Therefore, we have conducted a thorough investigation of the (external) constraints and (internal) needs that security assurance cases have to satisfy when used in the automotive industry. This has been done in the context of two large automotive companies. The end result is a set of recommendations that automotive companies can apply in order to define security assurance cases that are (i) aligned with the constraints imposed by the existing and upcoming standards and regulations and (ii) harmonized with the internal product development processes and organizational practices. We expect the results to be also of interest for product companies in other safety critical domains, like healthcare, transportation, and so on.


assurance cases



Mazen Mohamad

University of Gothenburg

Alexander Åström

Volvo Cars

Örjan Askerdal

Volvo Group

Jörgen Borg

Volvo Cars

Riccardo Scandariato

University of Gothenburg

ARES '20: Proceedings of the 15th International Conference on Availability, Reliability and Security

The 15th International Conference on Availability, Reliability and Security (ARES 2020)
Virtual Event, Ireland,

CASUS: Building Security Assurance Cases in Automotive Open Systems


Subject Categories

Software Engineering

More information

Latest update