Certification readiness strategy
Training: assurance case methodology
CITADEL training, atsec information security AB
Agenda
• Assurance cases
• Developing assurance cases
• Assurance cases in CITADEL
• Assurance cases in evaluations
• Automation of assurance case usage
Assurance cases
Assurance case
• An assurance case provides an argument to justify certain claims about a system, based on evidence concerning both the system and the environment in which it operates.
• The principal advance offered by assurance cases compared to other forms of assurance is the provision of an explicit argument connecting evidence to claims.
• The idea of a structured argument is to facilitate modular comprehension and assessment of the case.
Claim–argument–evidence
Evidence
• Persuasive argumentation and a strong, comprehensive set of requirements play a major role in satisfying the claims of an assurance case.
• However, the strength of the arguments, and of the assurance case as a whole, depends on the quality and completeness of the evidence supporting high-assurance claims of security or safety.
• The evidence of an assurance case may validate and verify the requirements through various types of evidence generation, such as testing, simulations, audits, and review of artefacts such as design and guidance documentation and life-cycle processes.
• Where there are multiple ways to demonstrate satisfaction of goals (i.e. based on different processes), the approach with the most convincing strategy and evidence is to be chosen.
Assumptions
• The evidence to substantiate the claims made in an assurance case should not only consider the system itself, but should additionally take into account the operational environment of the system.
• Therefore, the operational environment of the system should either be considered and included as part of the evidence, or incorporated as environmental assumptions.
• Hence, it is necessary to specify the assumptions under which the system or design satisfies the claims.
GSN
• Adaptive MILS systems employ Goal Structuring Notation (GSN) for the development of assurance cases.
• GSN assurance cases are constructed and visualised by a set of GSN elements that collectively establish a goal structure.
• The following elements are used:
  ● Goal (claim)
  ● Strategy
  ● Context
  ● Undeveloped goal
  ● Evidence
  ● Assumption
Why assurance cases?
• An assurance case does not replace any specific technique for analysis or for generating evidence. It shows the connection between the techniques used and the high-level claims.
• An assurance case captures the rationale for why the results of the analyses support our high-level requirements and goals, and the context for this support (for example, the assumptions and scope of any models used).
Developing the assurance case
Two aspects of assurance cases
• There are two different aspects to consider and make use of when developing an assurance case.
• Assurance case argument patterns
  ● The process of developing an assurance case is simplified through the introduction of assurance case patterns.
  ● A catalogue of assurance case argument patterns is developed within the CITADEL project.
• Regulatory standards
  ● The use of standards can offer various benefits, such as diminishing the limitations of assurance cases related to confirmation bias (i.e. only showing that the system is secure, but not how it is protected against insecure states).
  ● However, it may be difficult to directly apply standards to adaptive MILS systems, as they comprise a very fast-moving field. Instead, the desired option would be a partly standardised approach towards the instantiation of the claims made in an argument-based assurance case, as well as evaluation and certification.
Assurance case patterns
• Patterns maintain the structure, but not the specific details, of an argument and can therefore be instantiated in multiple situations as appropriate.
• By building a catalogue of patterns (i.e., templates), it is possible to facilitate the process of assurance case creation and documentation.
• Assurance case patterns offer the benefits of reuse and repeatability of process, as well as providing some notion of coverage or completeness of the evidence.
• The pattern is instantiated using information provided in the system model.
Standards-based assurance cases
• A partly standardised approach towards the instantiation of the claims made in argument-based assurance cases.
• Standards-based assurance cases comply with ISO/IEC 15026-2, and are extended with system-specific standards depending on the nature of the adaptive system.
• Standards-based methods provide various benefits to the development and evaluation of assurance cases.
Standards-based method benefits
• Support the establishment of comprehensive security requirements:
  ● providing higher assurance of the quality and precision of the claims and sub-claims from which the assurance case is built up;
  ● simplifying the evaluation of the sufficiency of the argument (during evaluation).
• Aid in the specification of the evidence required to demonstrate satisfaction of the requirements:
  ● facilitating the assessment of the sufficiency of the evidence (during evaluation);
  ● new standards may include new verification approaches to provide evidence that are better suited to adaptive systems.
• Evaluate the system against a consistent set of requirements that are widely recognised:
  ● time and costs required for certification are kept to a minimum;
  ● adaptive systems are enabled to comply with certain standards demanded by legal requirements.
Assurance cases in CITADEL
Adaptive MILS assurance case architecture
• CITADEL employs a modular approach.
• Components in the patterns may be modified, added or deleted at any time.
• Both top-down and bottom-up:
  ● Top-down, we divide each claim into components whose conjunction implies the claim, and recurse down to sub-claims supported by evidence.
  ● Bottom-up, we treat each evidentially supported sub-claim as an independently settled fact and conjoin these to produce higher-level sub-claims that combine recursively to deliver the top claim.
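To make the two readings concrete, the following is an added Python example; it is not CITADEL, AM-ETB or pattern-catalogue code. It instantiates a simplified system-properties pattern from a constructed system model (the slide on patterns: "instantiated using information provided in the system model"), producing a plane goal per plane and a component goal per component top-down, and then evaluates the resulting goal structure bottom-up as a conjunction of evidence results. The Goal class, the SYSTEM_MODEL dictionary, the plane and component names and the evidence identifiers are all assumptions made for this example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Goal:
    """A GSN goal (claim). A goal is either decomposed via a strategy into
    subgoals, supported directly by an evidence item, or left undeveloped."""
    text: str
    strategy: Optional[str] = None           # GSN strategy node explaining the decomposition
    subgoals: List["Goal"] = field(default_factory=list)
    evidence: Optional[str] = None           # GSN solution (evidence) reference for a leaf goal

    def is_undeveloped(self) -> bool:
        return not self.subgoals and self.evidence is None


# Constructed system model (hypothetical; not the CITADEL model format): each Adaptive
# MILS plane maps to the components it contains. The operational plane is deliberately
# empty to show how instantiation leaves a goal undeveloped when the model lacks detail.
SYSTEM_MODEL: Dict[str, List[str]] = {
    "foundational": ["sk-node-1", "nsm-1"],
    "monitoring": ["state-monitor"],
    "operational": [],
}


def instantiate_plane_pattern(plane: str, components: List[str]) -> Goal:
    """Top-down instantiation of a plane pattern: the plane goal is the conjunction of one
    local-policy goal per component plus one interface goal, each backed by an evidence
    reference derived from the model. An empty plane yields an undeveloped goal."""
    goal = Goal(text=f"The {plane} plane meets its local policy")
    if not components:
        return goal
    goal.strategy = f"Argue over every component of the {plane} plane and over their interactions"
    for comp in components:
        goal.subgoals.append(Goal(text=f"Component {comp} meets its local policy",
                                  evidence=f"analysis-report:{comp}"))
    goal.subgoals.append(Goal(text=f"Interactions in the {plane} plane occur only via "
                                   "connections defined in the policy architecture",
                              evidence=f"interface-argument:{plane}"))
    return goal


def instantiate_system_pattern(model: Dict[str, List[str]]) -> Goal:
    """Top-level system-properties pattern: one subgoal per plane in the model."""
    top = Goal(text="The Adaptive MILS system enforces its required properties",
               strategy="Argue over each Adaptive MILS plane")
    for plane, comps in model.items():
        top.subgoals.append(instantiate_plane_pattern(plane, comps))
    return top


def count_nodes(goal: Goal) -> Dict[str, int]:
    """Walk the goal structure and count goals, undeveloped goals and evidence nodes."""
    counts = {"goals": 1,
              "undeveloped": int(goal.is_undeveloped()),
              "evidence": int(goal.evidence is not None)}
    for sub in goal.subgoals:
        for key, value in count_nodes(sub).items():
            counts[key] += value
    return counts


def evaluate_bottom_up(goal: Goal, results: Dict[str, bool]) -> bool:
    """Bottom-up evaluation: a leaf goal is settled by the result recorded for its evidence
    (a missing result counts as failed); an inner goal holds only when all of its subgoals
    hold (conjunction); an undeveloped goal can never be counted as settled."""
    if goal.evidence is not None:
        return results.get(goal.evidence, False)
    if goal.is_undeveloped():
        return False
    return all(evaluate_bottom_up(sub, results) for sub in goal.subgoals)


if __name__ == "__main__":
    case = instantiate_system_pattern(SYSTEM_MODEL)
    print(count_nodes(case))
    passed = {"analysis-report:sk-node-1": True, "analysis-report:nsm-1": True,
              "interface-argument:foundational": True, "analysis-report:state-monitor": True,
              "interface-argument:monitoring": True}
    print("foundational plane:", evaluate_bottom_up(case.subgoals[0], passed))
    print("top claim:", evaluate_bottom_up(case, passed))   # False: operational plane undeveloped
```

Note that the top claim fails even though every piece of evidence passed: the undeveloped operational-plane goal blocks the conjunction, which is exactly the completeness gap an evaluator is meant to find before the case is used.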
Assurance case argument pattern structure
Patterns developed for CITADEL
• The patterns developed during the CITADEL project represent the top claims of the system, the Adaptive MILS planes and the operational plane.
• The Adaptive MILS planes are largely static, i.e. the planes usually comprise the same sets of components.
• System properties pattern
  ● It is the top-level pattern of an Adaptive MILS system.
  ● It creates an argument that an Adaptive MILS system enforces its required properties. These properties may regard security, safety, function and real-time properties.
  ● This pattern includes the Adaptive MILS planes.
Top-level Adaptive MILS argument
The plane patterns
• The planes consist of compositions and components, and the goal of a plane is satisfied when the compositional behaviour of the compositions and/or components included in that plane meets their local policies.
• Also, the interaction between these must be ensured as specified in the security policy, which can be demonstrated through the interface argument.
• Additional patterns exist as modules which can be added to or removed from these plane patterns.
Operational plane
• The operational plane is the application plane of an Adaptive MILS system.
• It is the least pre-defined plane, and can be further developed manually depending on the safety and security goals of the application.
• This means that it is not as static as the other Adaptive MILS planes.
• A generic argument that the operational plane guarantees that its local policy is met.
Foundational plane
• The foundational plane includes various foundation element components:
• Platform node(s), containing kernel instances
  ● An argument that each platform node and separation kernel instance is separated with respect to data and processor-time partitioning.
  ● An argument that configuration introspection is permitted for authorised subjects.
• MILS network subsystem (NSM) instances
• Time Sensitive Network (TSN)
  ● An argument to ensure that critical information is delivered in a timely manner and that bandwidth is optimised according to different levels of priority.
Monitoring plane
• An argument that the monitoring plane provides a flexible framework for constructing monitoring applications to ensure continuous correct functioning of the Adaptive MILS system.
  ● Arguments to obtain monitor data, analyse it for certain properties or anomalies, and trigger alarms or reports of the analysis results.
• The plane supports state monitoring and communications monitoring.
Adaptation plane
• An argument that the adaptation plane ensures that adaptations preserve the vital overarching properties defined for the system when developing the adaptation strategy, whether adapting to changing environmental conditions or dynamically repurposing the system in real-time safety-critical environments.
• The adaptation plane performs dynamic risk assessment based on context awareness when developing adaptation strategies.
• An argument that the context-awareness model is correct, sufficient and assures system safety.
Configuration plane
• The configuration plane develops a reconfiguration plan, and mediates the use of the dynamic reconfiguration primitives to the separation kernel and the network by enforcing adaptation policies on proposed reconfiguration plans.
• It states an argument that the plane ensures the establishment of correct configuration and reconfiguration plans for Adaptive MILS systems.
• Also an argument about the dynamic reconfiguration capabilities.
Certification plane
• It comprises the AM-ETB, which enables tool integration, as well as the verification and validation of results.
• An argument that the plane verifies that the model (in the current and next configurations chosen by the adaptation plane) satisfies the system properties, by generating, collecting and analysing evidence.
Additional argument patterns
• While every claim in an assurance case should eventually end with an evidence node, an assurance case pattern does not necessarily end with an evidence node.
• The pattern could, for instance, also be supported by other argument patterns that end with evidence nodes.
• Such modular patterns have been defined within the CITADEL project…
Assurance case argument patterns
• Interface pattern
  ● Create an argument that communication between components or compositions in the architecture only occurs via connections explicitly defined in the policy architecture.
• Threat pattern
  ● Create an argument that threats are sufficiently mitigated.
• Modes and transitions / states and transitions patterns
  ● Create arguments that modes/states and the transitions between them are in accordance with the mode models and transition models.
• Composition pattern
  ● Create arguments that formally defined properties of a system are satisfied by a CITADEL system model and are faithfully implemented by an Adaptive MILS system.
• Process (component) pattern
  ● Create an argument for any process during the development, real-time adaptation and reconfiguration, and analysis of an Adaptive MILS system.
Process properties patterns
• The process pattern may include one or more properties as modules within the process.
• Each of the following property patterns creates an argument about the trustworthiness of the named element used as part of a process included in the assurance case:
  ● Tool pattern
  ● Person pattern
  ● Organisation pattern
  ● Artefact pattern
  ● Technique pattern
  ● Trusted Software Component pattern
Some examples: Monitoring plane
Some examples: Interface pattern
Assurance cases in evaluations
Evaluation
Evaluation of the assurance case
• Before the evaluation, it should be ensured that the assurance case is correct.
• The assurance case itself is reviewed. The soundness of the assurance case is verified based on four aspects.
• These aspects are explained in the following slides.
• Once it is determined that the assurance case is sound, the assurance case can be used during the evaluation of an Adaptive MILS system.
  ● The evaluation is performed by reviewing the assurance case.
Soundness of the assurance case
• Completeness of the assurance case
  ● Shows the degree to which the assurance case has been finished, by looking at instantiated and undeveloped claims.
• Sufficiency of the arguments
  ● Is the argument strong enough to support the conclusions being drawn?
  ● Standards-based assurance cases have the potential to increase the strength of an argument (standards indicate requirements).
Soundness of the assurance case
• Sufficiency of evidence
  ● Extent to which the evidence supports the argument.
  ● The integrity and trustworthiness of the evidence.
  ● If the evidence collection and analysis process cannot be assured, the evidence can be ruled inadmissible (tool qualification and assurance).
• Sufficiency of assumptions
  ● Extent to which the assumptions support the arguments.
  ● Assumptions about the system
  ● Assumptions about the system's environment
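The soundness review on the two slides above is something an evaluator can partly automate before the human judgement on argument strength begins. The following added Python example (not AM-ETB or any CITADEL tooling) audits a small constructed assurance case for three of the four aspects: completeness as the share of goals that are developed rather than undeveloped, sufficiency of evidence by flagging evidence produced by tools outside a qualified set as inadmissible (and goals that cite it or cite missing nodes), and the assumptions the case rests on, grouped into system and environment assumptions. The flat record format, the node ids, the QUALIFIED_TOOLS set and the tool names are assumptions made for this example.

```python
from collections import defaultdict
from typing import Dict, List, Set

# Constructed assurance case stored as flat node records (a hypothetical export format,
# not the GSN tool or AM-ETB format). "supported_by" lists the ids a goal rests on;
# evidence records name the tool that produced them.
CASE: List[dict] = [
    {"id": "G1", "type": "goal", "text": "The monitoring plane meets its local policy",
     "supported_by": ["G2", "G3", "G4"]},
    {"id": "G2", "type": "goal", "text": "State-monitor data is obtained and analysed",
     "supported_by": ["E1"]},
    {"id": "G3", "type": "goal", "text": "Alarms are raised on detected anomalies",
     "supported_by": ["E2", "E9"]},           # E9 does not exist: a dangling reference
    {"id": "G4", "type": "goal", "text": "Communications monitoring covers all channels",
     "supported_by": []},                     # undeveloped goal
    {"id": "E1", "type": "evidence", "text": "Model-checking report",
     "produced_by": "model-checker"},
    {"id": "E2", "type": "evidence", "text": "Ad-hoc test script output",
     "produced_by": "adhoc-script"},
    {"id": "A1", "type": "assumption", "about": "environment",
     "text": "The network delivers monitor data within the configured bound"},
    {"id": "A2", "type": "assumption", "about": "system",
     "text": "The separation kernel configuration is the one that was analysed"},
]

# Tools whose evidence collection and analysis process has been qualified (assumption).
QUALIFIED_TOOLS: Set[str] = {"model-checker"}


def audit_soundness(case: List[dict], qualified_tools: Set[str]) -> Dict[str, object]:
    """Collect the findings an evaluator needs for the soundness aspects that can be
    checked mechanically: completeness (instantiated vs undeveloped goals), sufficiency
    of evidence (inadmissible evidence from unqualified tools, plus dangling references)
    and the assumptions grouped by what they are about. Sufficiency of the argument
    itself stays with the human reviewer, so only its inputs are gathered here."""
    ids = {node["id"] for node in case}
    goals = [node for node in case if node["type"] == "goal"]
    evidence = [node for node in case if node["type"] == "evidence"]

    # Completeness: a goal with no supporters is undeveloped.
    undeveloped = [g["id"] for g in goals if not g["supported_by"]]
    completeness = (len(goals) - len(undeveloped)) / len(goals) if goals else 0.0

    # Sufficiency of evidence: evidence from an unqualified tool is ruled inadmissible;
    # a supporter id that is not in the case at all is a dangling reference.
    inadmissible = {e["id"] for e in evidence if e["produced_by"] not in qualified_tools}
    dangling = {ref for g in goals for ref in g["supported_by"] if ref not in ids}
    affected = sorted(g["id"] for g in goals
                      if any(ref in inadmissible or ref in dangling
                             for ref in g["supported_by"]))

    # Sufficiency of assumptions: list them by subject so the reviewer can judge each.
    assumptions: Dict[str, List[str]] = defaultdict(list)
    for node in case:
        if node["type"] == "assumption":
            assumptions[node["about"]].append(node["id"])

    return {
        "completeness": round(completeness, 2),
        "undeveloped_goals": sorted(undeveloped),
        "inadmissible_evidence": sorted(inadmissible),
        "dangling_references": sorted(dangling),
        "goals_needing_attention": affected,
        "assumptions": dict(assumptions),
    }


if __name__ == "__main__":
    for key, value in audit_soundness(CASE, QUALIFIED_TOOLS).items():
        print(f"{key}: {value}")
```

The report is deliberately a list of findings rather than a pass/fail verdict: qualifying the ad-hoc script (adding it to the qualified set) clears the inadmissible finding, but the dangling reference and the undeveloped goal still have to be resolved in the case itself before the evaluation can proceed.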
Assurance case during evaluations
• The assurance case is reviewed.
  ● This also focuses on the quality of the evidence.
• Human interaction is required for the interpretation of the assurance case.
• Interactive presentation of the assurance case…
  ● enables the evaluator to encapsulate selected fragments, and review the assurance case fragment by fragment;
  ● enables the evaluator to indicate whether a claim is satisfied or not, and leave feedback;
  ● shows a comprehensive overview of the results of the evaluation, plus a metric indicating the security or safety of the adaptive system.
Evaluation of performance
• The performance of the Adaptive MILS system is determined on the basis of the analysis of the evidence supporting each of the arguments of the entire assurance case.
• While the analysis will require human judgement, automated tools may support the overall assurance case analysis.
• The completeness of the requirements, the adequacy of test cases and the absence of unintended behaviours should be evaluated with the assistance of the AM-ETB tool.
Automation of assurance case usage
AM-ETB
• AM-ETB stands for Adaptive MILS Evidential Tool Bus.
• The AM-ETB tool is used for this automation.
• It supports the automatic instantiation of assurance case patterns.
• For further information, please refer to the training material related to AM-ETB.

State monitoring configurationRamnGonzlezRuiz2
 

More from RamnGonzlezRuiz2 (9)

Certification readiness strategy
Certification readiness strategyCertification readiness strategy
Certification readiness strategy
 
Citadel training on context awareness solution
Citadel training on context awareness solutionCitadel training on context awareness solution
Citadel training on context awareness solution
 
Mils architectural approach
Mils architectural approachMils architectural approach
Mils architectural approach
 
CITADEL configuration and reconfiguration synthesis
CITADEL configuration and reconfiguration synthesisCITADEL configuration and reconfiguration synthesis
CITADEL configuration and reconfiguration synthesis
 
Adaptive MILS Evidential Tool Bus
Adaptive MILS Evidential Tool BusAdaptive MILS Evidential Tool Bus
Adaptive MILS Evidential Tool Bus
 
Configuring monitoring
Configuring monitoringConfiguring monitoring
Configuring monitoring
 
Introduction to citadel
Introduction to citadelIntroduction to citadel
Introduction to citadel
 
State monitoring configuration
State monitoring configurationState monitoring configuration
State monitoring configuration
 
Adaptation-Engine traning
Adaptation-Engine traningAdaptation-Engine traning
Adaptation-Engine traning
 

Recently uploaded

UNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM.        DIMENSIONAL ANALYSISUNIT-III FMM.        DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISrknatarajan
 
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsRussian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxupamatechverse
 
AKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes ---  Unit 3.pdfAKTU Computer Networks notes ---  Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdfankushspencer015
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Christo Ananth
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordAsst.prof M.Gokilavani
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
MANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTING
MANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTINGMANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTING
MANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTINGSIVASHANKAR N
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingrakeshbaidya232001
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
Introduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxIntroduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxupamatechverse
 
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxBSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxfenichawla
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Dr.Costas Sachpazis
 
result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college projectTonystark477637
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...ranjana rawat
 

Recently uploaded (20)

UNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM.        DIMENSIONAL ANALYSISUNIT-III FMM.        DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSIS
 
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsRussian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptx
 
AKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes ---  Unit 3.pdfAKTU Computer Networks notes ---  Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdf
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
 
Roadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and RoutesRoadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and Routes
 
MANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTING
MANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTINGMANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTING
MANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTING
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writing
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
 
Introduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxIntroduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptx
 
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxBSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
 
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINEDJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
 
result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college project
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
 

Assurance Cases

  • 1. Certification readiness strategy. Training: assurance case methodology. CITADEL training 1, atsec information security AB
  • 2. Agenda
     Assurance cases
     Developing assurance cases
     Assurance cases in CITADEL
     Assurance cases in evaluations
     Automation of assurance case usage
  • 3. Assurance cases
  • 4. Assurance case
     An assurance case provides an argument to justify certain claims about a system, based on evidence concerning both the system and the environment in which it operates.
     The principal advance offered by assurance cases compared to other forms of assurance is the provision of an explicit argument connecting evidence to claims.
     The idea of a structured argument is to facilitate modular comprehension and assessment of the case.
  • 6. Evidence
     Persuasive argumentation and a strong, comprehensive set of requirements play a major role in satisfying the claims of an assurance case.
     However, the strength of the arguments, and of the assurance case as a whole, depends on the quality and completeness of the evidence supporting high-assurance claims of security or safety.
     The evidence of an assurance case may validate and verify the requirements through various types of evidence generation, such as testing, simulations, audits and review of artefacts such as design and guidance documentation and life cycle processes.
     Where there are multiple ways to demonstrate satisfaction of goals (i.e. based on different processes), the approach with the most convincing strategy and evidence is to be chosen.
  • 7. Assumptions
     The evidence to substantiate the claims made in an assurance case should not only consider the system itself, but should additionally take into account the operational environment of the system.
     Therefore, the operational environment of the system should either be considered and included as part of the evidence, or incorporated as environmental assumptions.
     Hence, it is necessary to specify the assumptions under which the system or design satisfies the claims.
  • 8. GSN
     Adaptive MILS systems employ Goal Structured Notation (GSN) for the development of assurance cases.
     GSN assurance cases are constructed and visualised by a set of GSN elements that collectively establish a goal structure.
     The following elements are used: Goal (claim), Strategy, Context, Undeveloped Goal, Evidence, Assumption.
  • 9. Why assurance cases?
     An assurance case does not replace any specific technique for analysis or for generating evidence. It shows the connection between the techniques used and the high-level claims.
     An assurance case captures the rationale for why the results of the analyses support our high-level requirements and goals, and the context for this support (for example, the assumptions and scope of any models used).
  • 10. Developing the assurance case
  • 11. Two aspects of assurance case
     There are two different aspects to consider and make use of when developing an assurance case.
     Assurance case argument patterns
      ● The process of developing an assurance case is simplified through the introduction of assurance case patterns.
      ● A catalogue of assurance case argument patterns is developed within the CITADEL project.
     Regulatory standards
      ● The use of standards can offer various benefits, such as diminishing the limitations of assurance cases related to confirmation bias (i.e. only showing that the system is secure, but not how it is protected against insecure states).
      ● However, it may be difficult to directly apply standards to adaptive MILS systems, as they comprise a very fast moving field. Instead, the desired option would be a partly standardised approach towards the instantiation of the claims made in an argument-based assurance case, as well as evaluation and certification.
  • 12. Assurance case patterns
     Patterns maintain the structure, but not the specific details, of an argument and therefore can be instantiated in multiple situations as appropriate.
     By building a catalogue of patterns (i.e. templates), it is possible to facilitate the process of assurance case creation and documentation.
     Assurance case patterns offer the benefits of reuse and repeatability of process, as well as providing some notion of coverage or completeness of the evidence.
     The pattern is instantiated using information provided in the system model.
  • 13. Standards-based assurance cases
     A partly standardised approach towards the instantiation of the claims made in argument-based assurance cases.
     Comply with ISO/IEC 15026-2, and are extended with system-specific standards depending on the nature of the adaptive system.
     Standards-based methods provide various benefits to the development and evaluation of assurance cases.
  • 14. Standards-based method benefits
     Support the establishment of comprehensive security requirements.
      ● providing higher assurance of the quality and precision of the claims and sub-claims of which the assurance case is built up.
      ● simplifies the evaluation of the sufficiency of the argument (during evaluation).
     Aid in the specification of the evidence required to demonstrate satisfaction of the requirements.
      ● facilitating the assessment of the sufficiency of the evidence (during evaluation).
      ● new standards may include new verification approaches to provide evidence that are better suited to adaptive systems.
     Evaluate the system against a consistent set of requirements that are widely recognised.
      ● time and costs required for certification are kept to a minimum.
      ● adaptive systems are enabled to comply with certain standards demanded by legal requirements.
  • 15. Assurance cases in CITADEL
  • 16. Adaptive MILS assurance case architecture
     CITADEL employs a modular approach.
     Components in the patterns may be modified, added or deleted at any time.
     Both top-down and bottom-up.
      ● Top-down, we divide each claim into components whose conjunction implies the claim, and recurse down to sub-claims supported by evidence.
      ● Bottom-up, we treat each evidentially supported sub-claim as an independently settled fact and conjoin these to produce higher-level sub-claims, which combine recursively to deliver the top claim.
  • 17. Assurance case argument pattern structure
  • 18. Patterns developed for CITADEL
     The patterns developed during the CITADEL project represent the top claims of the system, the Adaptive MILS planes and the operational plane.
     The Adaptive MILS planes are largely static, i.e. the planes usually comprise the same sets of components.
     System properties pattern
      ● It is the top-level pattern of an Adaptive MILS system.
      ● Creates an argument that an Adaptive MILS system enforces its required properties. These properties may regard security, safety, function and real-time properties.
      ● This pattern includes the Adaptive MILS planes.
  • 19. Top level Adaptive MILS argument
  • 20. The planes patterns
     The planes consist of compositions and components, and the goal of a plane is satisfied when the compositional behaviour of the compositions and/or components included in that plane meets their local policies.
     Also, the interaction between these must be ensured as specified in the security policy, which can be demonstrated through the interface argument.
     Additional patterns exist as modules which can be added to or removed from these plane patterns.
  • 21. Operational plane
     The operational plane is the application plane of an Adaptive MILS system.
     It is the least pre-defined plane, and can be further developed manually depending on the safety and security goals of the application.
     This means that it is not as static as the other Adaptive MILS planes.
     A generic argument that the operational plane guarantees that its local policy is met.
  • 22. Foundational plane
     The foundational plane includes various foundation element components:
     platform node(s), containing kernel instances
      ● An argument over each platform node and separation kernel instance that data and processor time are partitioned.
      ● An argument that configuration introspection is permitted only to authorised subjects.
     MILS network subsystem (NSM) instances
     Time Sensitive Network (TSN)
      ● An argument to ensure that critical information is delivered in a timely manner and that bandwidth is optimised according to different levels of priority.
  • 23. Monitoring plane
     An argument that the monitoring plane provides a flexible framework for constructing monitoring applications to ensure continuous correct functioning of the Adaptive MILS system.
     Arguments to obtain monitor data, analyse it for certain properties or anomalies, and trigger alarms or reports of the analysis results.
     The plane supports state monitoring and communications monitoring.
  • 24. Adaptation plane
     An argument that the adaptation plane ensures that adaptations preserve the vital overarching properties defined for the system when developing the adaptation strategy, to adapt to changing environmental conditions or dynamic repurposing of the system in real-time safety-critical environments.
     The adaptation plane performs dynamic risk assessment based on context awareness when developing adaptation strategies.
     An argument that the context-awareness model is correct, sufficient and assures system safety.
  • 25. Configuration plane
     The configuration plane develops a reconfiguration plan, and mediates the use of the dynamic reconfiguration primitives of the separation kernel and the network by enforcing adaptation policies on proposed reconfiguration plans.
     It states an argument that the plane ensures the establishment of correct configuration and reconfiguration plans for Adaptive MILS systems.
     Also an argument about the dynamic reconfiguration capabilities.
  • 26. Certification plane
     It comprises the AM-ETB, which enables tool integration, as well as the verification and validation of results.
     An argument that the plane verifies that the model (in the current and next configurations chosen by the adaptation plane) satisfies the system properties, by generating, collecting and analysing evidence.
  • 27. Additional argument patterns
     While every claim in an assurance case should eventually end with an evidence node, each assurance case pattern does not necessarily end with an evidence node.
     The pattern could, for instance, also be supported by other argument patterns that end with evidence nodes.
     Such modular patterns have been defined within the CITADEL project…
  • 28. Assurance case argument patterns
     Interface pattern
      ● Create an argument that communication between components or compositions in the architecture only occurs via connections explicitly defined in the policy architecture.
     Threat pattern
      ● Create an argument that threats are sufficiently mitigated.
     Modes and transitions / states and transitions patterns
      ● Create arguments that modes/states and the transitions between them are in accordance with the mode models and transition models.
     Composition pattern
      ● Create arguments that formally defined properties of a system are satisfied by a CITADEL system model and are faithfully implemented by an Adaptive MILS system.
     Process (component) pattern
      ● Create an argument for any process during the development, real-time adaptation and reconfiguration, and analysis of an Adaptive MILS system.
  • 29. Process Properties Patterns
     The process pattern may include one or more properties as modules within the process.
     Tool pattern
      ● Create an argument about the trustworthiness of tools used as part of a process included in the assurance case.
     Person pattern
      ● Create an argument about the trustworthiness of tools used as part of a process included in the assurance case.
     Organisation pattern
      ● Create an argument about the trustworthiness of tools used as part of a process included in the assurance case.
     Artefact pattern
      ● Create an argument about the trustworthiness of tools used as part of a process included in the assurance case.
     Technique pattern
      ● Create an argument about the trustworthiness of tools used as part of a process included in the assurance case.
     Trusted Software Component pattern
      ● Create an argument about the trustworthiness of tools used as part of a process included in the assurance case.
  • 30. Some examples: Monitoring Plane
  • 31. Some examples: Interface pattern
  • 32. Assurance cases in evaluations. Evaluation
  • 33. Evaluation of the assurance case
     Before the evaluation, it should be ensured that the assurance case is correct.
     The assurance case itself is reviewed. The soundness of the assurance case is verified based on four aspects.
     These aspects are explained in the following slides.
     Once it is determined that the assurance case is sound, we can use the assurance case during the evaluation of an Adaptive MILS system.
     The evaluation is performed by reviewing the assurance case.
  • 34. Soundness of the assurance case
     Completeness of the assurance case
      ● Shows the degree to which the assurance case has been finished by looking at instantiated and undeveloped claims.
     Sufficiency of the arguments
      ● Is the argument strong enough to support the conclusions being drawn?
      ● Standards-based assurance cases have the potential to increase the strength of an argument (standards indicate requirements).
  • 35. Soundness of the assurance case
     Sufficiency of evidence
      ● The extent to which the evidence supports the argument.
      ● The integrity and trustworthiness of the evidence.
      ● If the evidence collection and analysis process cannot be assured, the evidence can be ruled inadmissible (tool qualification and assurance).
     Sufficiency of assumptions
      ● The extent to which the assumptions support the arguments.
      ● Assumptions about the system
      ● Assumptions about the system's environment
  • 36. Assurance case during evaluations
     The assurance case is reviewed.
     This also focuses on the quality of the evidence.
     Human interaction is required for interpretation of the assurance case.
     Interactive presentation of the assurance case…
      ● enables the evaluator to encapsulate selected fragments, and review the assurance case fragment by fragment.
      ● enables the evaluator to indicate whether a claim is satisfied or not, and leave feedback.
      ● shows a comprehensive overview of the results of the evaluation, plus a metric indicating the security or safety of the adaptive system.
  • 37. Evaluation of performance
     The performance of the Adaptive MILS system is determined on the basis of the analysis of the evidence supporting each of the arguments of the entire assurance case.
     While the analysis will require human judgement, automated tools may support the overall assurance case analysis.
     The completeness of the requirements, the adequacy of test cases and the absence of unintended behaviours should be evaluated with the assistance of the AM-ETB tool.
  • 38. Automation of assurance case usage
  • 39. AM-ETB
     AM-ETB stands for Adaptive MILS Evidential Tool Bus.
     The AM-ETB tool is used for this automation.
     It supports the automatic instantiation of assurance case patterns.
     For further information, please refer to the training material related to AM-ETB.
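As an added example, not part of the CITADEL training material or of the AM-ETB tool, the following Python model ties together the GSN elements of slide 8, the pattern instantiation from a system model of slide 12, the top-down/bottom-up decomposition of slide 16 and the soundness checks of slides 34 and 35: a pattern text is instantiated from a constructed system model, completeness is measured from developed versus undeveloped claims, and the case is evaluated bottom-up with inadmissible evidence ruled out. All node ids, node texts and the system model values are constructed for illustration.

```python
"""Minimal GSN-style assurance case: pattern instantiation, completeness and
bottom-up soundness evaluation (added example, not CITADEL/AM-ETB code)."""
import re
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional


class Kind(Enum):
    """The GSN element types named on slide 8."""
    GOAL = "Goal"
    STRATEGY = "Strategy"
    CONTEXT = "Context"
    EVIDENCE = "Evidence"
    ASSUMPTION = "Assumption"
    UNDEVELOPED = "Undeveloped Goal"


# Element kinds that carry support for a claim; context and assumptions
# scope the argument but are not themselves evidence for it.
SUPPORTING = {Kind.GOAL, Kind.STRATEGY, Kind.EVIDENCE, Kind.UNDEVELOPED}


@dataclass
class Node:
    id: str
    kind: Kind
    text: str
    children: List["Node"] = field(default_factory=list)
    # Evidence only: False when the collection/analysis process is not
    # assured (no tool qualification), which makes it inadmissible.
    admissible: bool = True


def instantiate(template: str, model: Dict[str, str]) -> str:
    """Fill the {placeholders} of a pattern text from a system model,
    refusing to instantiate a pattern the model cannot fully populate."""
    missing = sorted(set(re.findall(r"\{(\w+)\}", template)) - set(model))
    if missing:
        raise KeyError(f"system model lacks values for: {missing}")
    return template.format(**model)


# Constructed system model; names are placeholders, not a real system.
SYSTEM_MODEL = {"system": "DemoGateway", "plane": "foundational plane",
                "kernel": "SK-1"}


def build_case(model: Dict[str, str]) -> Node:
    """Instantiate a small system-properties argument (constructed)."""
    g2 = Node("G2", Kind.GOAL, instantiate(
        "{plane}: platform node {kernel} partitions data and processor time",
        model), children=[
        Node("E1", Kind.EVIDENCE, "separation kernel configuration test report"),
        Node("E2", Kind.EVIDENCE, "schedule analysis from an unqualified tool",
             admissible=False)])
    g3 = Node("G3", Kind.GOAL, "interface: communication only via connections "
              "defined in the policy architecture", children=[
        Node("E3", Kind.EVIDENCE, "information-flow analysis of system model")])
    g4 = Node("G4", Kind.UNDEVELOPED, "operational plane meets its local policy")
    s1 = Node("S1", Kind.STRATEGY, "argument over each Adaptive MILS plane",
              children=[g2, g3, g4])
    return Node("G1", Kind.GOAL, instantiate(
        "{system} enforces its required security, safety, function and "
        "real-time properties", model), children=[
        Node("C1", Kind.CONTEXT, "CITADEL system model and policy architecture"),
        Node("A1", Kind.ASSUMPTION, "operational environment matches assumptions"),
        s1])


def find(root: Node, node_id: str) -> Optional[Node]:
    if root.id == node_id:
        return root
    for child in root.children:
        hit = find(child, node_id)
        if hit is not None:
            return hit
    return None


def claims(root: Node) -> List[Node]:
    """All claims, developed or not, in top-down order."""
    out = [root] if root.kind in (Kind.GOAL, Kind.UNDEVELOPED) else []
    for child in root.children:
        out.extend(claims(child))
    return out


def completeness(root: Node) -> float:
    """Share of claims that are developed (slide 34)."""
    all_claims = claims(root)
    return sum(c.kind is Kind.GOAL for c in all_claims) / len(all_claims)


def evaluate(node: Node, findings: Dict[str, str]) -> bool:
    """Bottom-up: settle evidence-backed sub-claims, conjoin them upward."""
    if node.kind is Kind.EVIDENCE:
        if not node.admissible:
            findings[node.id] = "evidence inadmissible: process not assured"
        return node.admissible
    if node.kind is Kind.UNDEVELOPED:
        findings[node.id] = "undeveloped claim"
        return False
    if node.kind in (Kind.CONTEXT, Kind.ASSUMPTION):
        return True  # scope only; reviewed under sufficiency of assumptions
    support = [c for c in node.children if c.kind in SUPPORTING]
    if not support:
        findings[node.id] = "claim has no supporting argument or evidence"
        return False
    results = [evaluate(c, findings) for c in support]  # evaluate all
    if not all(results):
        findings[node.id] = "not all supporting sub-claims are settled"
    return all(results)


def soundness_report(root: Node) -> dict:
    findings: Dict[str, str] = {}
    supported = evaluate(root, findings)
    return {"supported": supported, "completeness": completeness(root),
            "findings": findings}


if __name__ == "__main__":
    print(soundness_report(build_case(SYSTEM_MODEL)))
```

Repairing the two findings the report points at (qualifying the tool behind E2 and developing G4 with evidence) turns the top claim green, which is the fragment-by-fragment review loop slide 36 describes.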