From Safety Cases to Security Cases

Abstract

Assurance cases are widely used in the safely domain, where they pro-vide a way to justify the safety of a system and render that justification open to review. Assurance cases have not been widely used in security, but there is guid-ance available and there have been some promising experiments. There are a number of differences between safety and security which have implications for how we create security cases, but they do not appear to be insurmountable. It appears that the process of creating a security case is compatible with typical evaluation processes, and will have additional benefits in terms of training and corporate memory. In this paper we discuss some of the implications and chal-lenges of applying the practice of assurance case construction from the safety domain to the security domain.

Metadata

Item Type:	Conference or Workshop Item
Authors/Creators:	Alexander, Robert David https://orcid.org/0000-0003-3818-0310 Hawkins, Richard David https://orcid.org/0000-0001-7347-3413 Kelly, Timothy Patrick https://orcid.org/0000-0002-7385-2031
Dates:	Published: February 2017
Institution:	The University of York
Academic Units:	The University of York > Faculty of Sciences (York) > Computer Science (York)
Depositing User:	Pure (York)
Date Deposited:	17 Oct 2017 14:15
Last Modified:	23 Apr 2025 23:11
Status:	Published
Refereed:	No
Open Archives Initiative ID (OAI ID):	oai:eprints.whiterose.ac.uk:122530

Download

Published Version

Filename: SSS_17_Alexander_Hawkins_and_Kelly.pdf

Description: SSS '17 Alexander Hawkins and Kelly

CLICK TO DOWNLOAD

[thumbnail of SSS '17 Alexander Hawkins and Kelly]

CORE (COnnecting REpositories)

From Safety Cases to Security Cases

Abstract

Metadata

Download

Published Version

Export

Statistics