Security Assurance Cases – State of the Art of an Emerging Approach
Journal article, 2021

Security Assurance Cases (SAC) are a form of structured argumentation used to reason about the security properties of a system. After the successful adoption of assurance cases for safety, SAC are getting significant traction in recent years, especially in safety-critical industries (e.g., automotive), where there is an increasing pressure to be compliant with several security standards and regulations.
Accordingly, research in the field of SAC has flourished in the past decade, with different approaches being investigated.
In an effort to systematize this active field of research, we conducted a systematic literature review (SLR) of the existing academic studies on SAC.
Our review resulted in an in-depth analysis and comparison of 51 papers.
Our results indicate that, while there are numerous papers discussing the importance of SAC and their usage scenarios, the literature is still immature with respect to concrete support for practitioners on how to build and maintain a SAC. More importantly, even though some methodologies are available, their validation and tool support is still lacking.

security

assurance cases

systematic literature review

Author

Mazen Mohamad

University of Gothenburg

Jan-Philipp Steghöfer

University of Gothenburg

Riccardo Scandariato

Technical University of Hamburg (TUHH)

Empirical Software Engineering

1382-3256 (ISSN) 1573-7616 (eISSN)

Vol. 26 4 70

CASUS: Building Security Assurance Cases in Automotive Open Systems

VINNOVA, -- .

Subject Categories

Software Engineering

Computer Science

Computer Systems

DOI

10.1007/s10664-021-09971-7

More information

Latest update

6/7/2021 6