CASCADE: An Asset-driven Approach to Build Security Assurance Cases for Automotive Systems
Artikel i vetenskaplig tidskrift, 2023

Security Assurance Cases (SAC) are structured arguments and evidence bodies used to reason about the security of a certain system. SACs are gaining focus in the automotive industry, as the needs for security assurance are growing in this domain. However, the state-of-the-arts lack a mature approach able to suit the needs of the automotive industry. In this article, we present CASCADE, an asset-driven approach for creating SAC, which is inspired by the upcoming security standard ISO/SAE-21434 as well as the internal needs of automotive Original Equipment Manufacturers (OEMs). CASCADE also differentiates itself from the state-of-the-art by incorporating a way to reason about the quality of the constructed security assurance case. We created the approach by conducting an iterative design science research study. We illustrate the results using the example case of the road vehicle's headlamp provided in the ISO standard. We also illustrate how our approach aligns well with the structure and content of the ISO/SAE-21434 standard, hence demonstrating the practical applicability of CASCADE in an industrial context.

automotive systems


assurance cases


Mazen Mohamad

Göteborgs universitet

Rodi Jolak

Göteborgs universitet

Orjan Askerdal

Volvo Group

Jan-Philipp Steghöfer

Göteborgs universitet

Riccardo Scandariato

Technische Universität Hamburg-Harburg (TUHH)

ACM Transactions on Cyber-Physical Systems

2378962X (ISSN) 23789638 (eISSN)

Vol. 7 1 3



Datavetenskap (datalogi)



Mer information

Senast uppdaterat