Asset-driven Security Assurance Cases with Built-in Quality Assurance
Paper in proceeding, 2021
Security Assurance Cases (SAC) are structured arguments and evidence bodies used to reason about the security of a certain system.
SACs are gaining focus in the automotive domain as the needs for security assurance are growing.
In this study, we present an approach for creating SAC. The approach is inspired by the upcoming security standards ISO/SAE-21434 as well as the internal needs of automotive Original Equipment Manufacturers (OEMs).
We created the approach by extracting relevant requirements from ISO/SAE-21434 and illustrated it using an example case of the headlamp items provided in the standard.
We found that the approach is applicable and helps to satisfy the requirements for security assurance in the standard as well as the internal compliance needs in an automotive OEM.
SACs are gaining focus in the automotive domain as the needs for security assurance are growing.
In this study, we present an approach for creating SAC. The approach is inspired by the upcoming security standards ISO/SAE-21434 as well as the internal needs of automotive Original Equipment Manufacturers (OEMs).
We created the approach by extracting relevant requirements from ISO/SAE-21434 and illustrated it using an example case of the headlamp items provided in the standard.
We found that the approach is applicable and helps to satisfy the requirements for security assurance in the standard as well as the internal compliance needs in an automotive OEM.
security
assurance cases
automotive systems
Author
Mazen Mohamad
University of Gothenburg
Software Engineering 2
Örjan Askerdal
Volvo Group
Rodi Jolak
Cyber Physical Systems
University of Gothenburg
Jan-Philipp Steghöfer
University of Gothenburg
Software Engineering 1
Riccardo Scandariato
Software Engineering 2
University of Gothenburg
2021 IEEE/ACM 2nd International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS 2021)
29-36
9781665445535 (ISBN)
The 2nd International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS 2021)
Virtual Event, ,
Virtual Event, ,
CASUS: Building Security Assurance Cases in Automotive Open Systems
VINNOVA, -- .
Subject Categories (SSIF 2011)
Other Computer and Information Science
Computer Science
Computer Systems
Subject Categories (SSIF 2025)
Security, Privacy and Cryptography
DOI
10.1109/EnCyCriS52570.2021.00012