CASCADE: An Asset-driven Approach to Build Security Assurance Cases for Automotive Systems
Journal article, 2023

Security Assurance Cases (SAC) are structured arguments and evidence bodies used to reason about the security of a certain system. SACs are gaining focus in the automotive industry, as the needs for security assurance are growing in this domain. However, the state-of-the-arts lack a mature approach able to suit the needs of the automotive industry. In this article, we present CASCADE, an asset-driven approach for creating SAC, which is inspired by the upcoming security standard ISO/SAE-21434 as well as the internal needs of automotive Original Equipment Manufacturers (OEMs). CASCADE also differentiates itself from the state-of-the-art by incorporating a way to reason about the quality of the constructed security assurance case. We created the approach by conducting an iterative design science research study. We illustrate the results using the example case of the road vehicle’s headlamp provided in the ISO standard. We also illustrate how our approach aligns well with the structure and content of the ISO/SAE-21434 standard, hence demonstrating the practical applicability of CASCADE in an industrial context.

automotive systems


assurance cases


Mazen Mohamad

Chalmers, Computer Science and Engineering (Chalmers), Interaction Design and Software Engineering

Rodi Jolak

Chalmers, Computer Science and Engineering (Chalmers), Interaction Design and Software Engineering

Orjan Askerdal

Jan-Philipp Steghöfer

Software Engineering 1

Riccardo Scandariato

Software Engineering 2

ACM Transactions on Cyber-Physical Systems

2378962X (ISSN) 23789638 (eISSN)

Vol. 7 3 1-26

CASUS: Building Security Assurance Cases in Automotive Open Systems


Subject Categories

Computer Science

Computer Systems



More information