Alexander, Robert David orcid.org/0000-0003-3818-0310, Hawkins, Richard David orcid.org/0000-0001-7347-3413 and Kelly, Timothy Patrick orcid.org/0000-0002-7385-2031 (2017) From Safety Cases to Security Cases. In: UNSPECIFIED.
Abstract
Assurance cases are widely used in the safely domain, where they pro-vide a way to justify the safety of a system and render that justification open to review. Assurance cases have not been widely used in security, but there is guid-ance available and there have been some promising experiments. There are a number of differences between safety and security which have implications for how we create security cases, but they do not appear to be insurmountable. It appears that the process of creating a security case is compatible with typical evaluation processes, and will have additional benefits in terms of training and corporate memory. In this paper we discuss some of the implications and chal-lenges of applying the practice of assurance case construction from the safety domain to the security domain.
Metadata
Item Type: | Conference or Workshop Item |
---|---|
Authors/Creators: |
|
Dates: |
|
Institution: | The University of York |
Academic Units: | The University of York > Faculty of Sciences (York) > Computer Science (York) |
Depositing User: | Pure (York) |
Date Deposited: | 17 Oct 2017 14:15 |
Last Modified: | 25 Feb 2025 00:13 |
Status: | Published |
Refereed: | No |
Open Archives Initiative ID (OAI ID): | oai:eprints.whiterose.ac.uk:122530 |
Download
Filename: SSS_17_Alexander_Hawkins_and_Kelly.pdf
Description: SSS '17 Alexander Hawkins and Kelly