A New Approach to Develop a Dependable Security Case by Combining Real Life Security Experiences (Lessons Learned) with D-Case Development Process

  • Vaise Patu
  • Shuichiro Yamamoto
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8128)

Abstract

Modern information and distributed systems run for extended periods of time and are constantly being improved in their service objectives under evolving technologies and changing regulations and standards. These systems have become extremely complex, and it is therefore very important that they be dependable so that they execute their functions and purposes correctly, or at least to an acceptable level of service. However, due to the ever-growing complexity of information and distributed systems, it is very difficult to achieve dependability by relying only on conventional technologies such as development processes and formal methods. The idea of the Assurance Case, or D-Case (dependability case), has therefore become increasingly popular. Recently, D-Case, which is an extended form of the Assurance Case, has been more commonly associated with the safety aspect of dependability. As a result, safety cases are better known than cases for other aspects of dependability such as availability, integrity and confidentiality, which are all related to the security domain. In this paper, we introduce our new approach to the development of a dependable security case.


Copyright information

© IFIP International Federation for Information Processing 2013

Authors and Affiliations

  • Vaise Patu (1)
  • Shuichiro Yamamoto (1)
  1. Nagoya University, Nagoya City, Japan
