Security Assurance Cases – State of the Art of an Emerging Approach
Artikel i vetenskaplig tidskrift, 2021

Security Assurance Cases (SAC) are a form of structured argumentation used to reason about the security properties of a system. After the successful adoption of assurance cases for safety, SAC are getting significant traction in recent years, especially in safety-critical industries (e.g., automotive), where there is an increasing pressure to be compliant with several security standards and regulations.
Accordingly, research in the field of SAC has flourished in the past decade, with different approaches being investigated.
In an effort to systematize this active field of research, we conducted a systematic literature review (SLR) of the existing academic studies on SAC.
Our review resulted in an in-depth analysis and comparison of 51 papers.
Our results indicate that, while there are numerous papers discussing the importance of SAC and their usage scenarios, the literature is still immature with respect to concrete support for practitioners on how to build and maintain a SAC. More importantly, even though some methodologies are available, their validation and tool support is still lacking.

security

assurance cases

systematic literature review

Författare

Mazen Mohamad

Göteborgs universitet

Jan-Philipp Steghöfer

Göteborgs universitet

Riccardo Scandariato

Technische Universität Hamburg-Harburg (TUHH)

Empirical Software Engineering

1382-3256 (ISSN) 1573-7616 (eISSN)

Vol. 26 4 70

CASUS: Konstruktion av IT-säkerhetsunderlag för öppna fordonssystem

VINNOVA, -- .

Ämneskategorier

Programvaruteknik

Datavetenskap (datalogi)

Datorsystem

DOI

10.1007/s10664-021-09971-7

Mer information

Senast uppdaterat

2021-06-07