Asset-driven Security Assurance Cases with Built-in Quality Assurance

Start Page
29
End Page
36
Article Number
9476061
Citation
IEEE/ACM 2nd International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS 2021)
Contribution to Conference
IEEE/ACM 2nd International Workshop on Engineering and Cybersecurity of Critical Systems, EnCyCriS 2021  
Publisher DOI
10.1109/EnCyCriS52570.2021.00012
Scopus ID
2-s2.0-85113856949
Security Assurance Cases (SAC) are structured arguments and evidence bodies used to reason about security of a certain system. SACs are gaining focus in the automotive domain as the needs for security assurance are growing. In this study, we present an approach for creating SAC. The approach is inspired by the upcoming security standards ISO/SAE-21434 as well as the internal needs of automotive Original Equipment Manufacturers (OEMs). We created the approach by extracting relevant requirements from ISO/SAE-21434 and illustrated it using an example case of the head lamp items provided in the standard. We found that the approach is applicable and helps to satisfy the requirements for security assurance in the standard as well as the internal compliance needs in an automotive OEM.
Subjects
assurance cases
automotive systems
security