Abstract
It is essential that critical systems are appropriately secure and protected against malicious threats. In this paper, we present a novel pattern for Security Assurance Cases that integrates security controls from the NIST-800-53 cyber security standard into a comprehensive argument about system security. Our framework uses Eliminative Argumentation to increase confidence that these controls have been applied correctly by explicitly considering and addressing doubts in the argument.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Viger, T., Diemert, S., Foster, O. (2023). Patterns for Integrating NIST 800-53 Controls into Security Assurance Cases. In: Guiochet, J., Tonetta, S., Schoitsch, E., Roy, M., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2023 Workshops. SAFECOMP 2023. Lecture Notes in Computer Science, vol 14182. Springer, Cham. https://doi.org/10.1007/978-3-031-40953-0_14
DOI: https://doi.org/10.1007/978-3-031-40953-0_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-40952-3
Online ISBN: 978-3-031-40953-0
eBook Packages: Computer Science, Computer Science (R0)