Certification readiness strategy
Training: assurance case methodology
CITADEL training, atsec information security AB
Agenda
• Assurance cases
• Developing assurance cases
• Assurance cases in CITADEL
• Assurance cases in evaluations
• Automation of assurance case usage
Assurance cases
Assurance case
• An assurance case provides an argument to justify certain claims about a system, based on evidence concerning both the system and the environment in which it operates.
• The principal advance offered by assurance cases over other forms of assurance is the provision of an explicit argument connecting evidence to claims.
• The idea of a structured argument is to facilitate modular comprehension and assessment of the case.
Claim–argument–evidence (diagram slide)
Evidence
• Persuasive argumentation and a strong, comprehensive set of requirements play a major role in satisfying the claims of an assurance case.
• However, the strength of the arguments, and of the assurance case as a whole, depends on the quality and completeness of the evidence supporting high-assurance claims of security or safety.
• The evidence of an assurance case may validate and verify the requirements through various types of evidence generation, such as testing, simulation, audits, and review of artefacts such as design and guidance documentation and life cycle processes.
• Where there are multiple ways to demonstrate satisfaction of a goal (e.g. based on different processes), the approach with the most convincing strategy and evidence is to be chosen.
Assumptions
• The evidence substantiating the claims of an assurance case should not only consider the system itself, but also the operational environment of the system.
• Therefore, the operational environment of the system should either be considered and included as part of the evidence, or incorporated as environmental assumptions.
• Hence it is necessary to specify the assumptions under which the system or design satisfies the claims.
GSN
• Adaptive MILS systems employ Goal Structuring Notation (GSN) for the development of assurance cases.
• GSN assurance cases are constructed and visualised by a set of GSN elements that collectively establish a goal structure.
• The following elements are used: Goal (claim), Strategy, Context, Undeveloped Goal, Evidence, Assumption.
Why assurance cases?
• An assurance case does not replace any specific technique for analysis or for generating evidence. It shows the connection between the techniques used and the high-level claims.
• An assurance case captures the rationale for why the results of the analyses support our high-level requirements and goals, and the context for this support (for example, the assumptions and scope of any models used).
Developing the assurance case
Two aspects of assurance cases
• There are two different aspects to consider and make use of when developing an assurance case.
• Assurance case argument patterns
    ● The process of developing an assurance case is simplified through the introduction of assurance case patterns.
    ● A catalogue of assurance case argument patterns is developed within the CITADEL project.
• Regulatory standards
    ● The use of standards offers various benefits, such as diminishing the limitations of assurance cases related to confirmation bias (i.e. only showing that the system is secure, but not how it is protected against insecure states).
    ● However, it may be difficult to apply standards directly to adaptive MILS systems, as they comprise a very fast-moving field. Instead, the desired option is a partly standardised approach to the instantiation of the claims made in an argument-based assurance case, as well as to evaluation and certification.
Assurance case patterns
• Patterns maintain the structure, but not the specific details, of an argument and can therefore be instantiated in multiple situations as appropriate.
• By building a catalogue of patterns (i.e. templates), it is possible to facilitate the process of assurance case creation and documentation.
• Assurance case patterns offer the benefits of reuse and repeatability of process, as well as providing some notion of coverage or completeness of the evidence.
• A pattern is instantiated using information provided in the system model.
Standards-based assurance cases
• A partly standardised approach to the instantiation of the claims made in argument-based assurance cases.
• They comply with ISO/IEC 15026-2, and are extended with system-specific standards depending on the nature of the adaptive system.
• Standards-based methods provide various benefits to the development and evaluation of assurance cases.
Standards-based method benefits
• Support the establishment of comprehensive security requirements:
    ● providing higher assurance of the quality and precision of the claims and sub-claims of which the assurance case is built up;
    ● simplifying the evaluation of the sufficiency of the argument (during evaluation).
• Aid in the specification of the evidence required to demonstrate satisfaction of the requirements:
    ● facilitating the assessment of the sufficiency of the evidence (during evaluation);
    ● new standards may include new verification approaches for providing evidence that are better suited to adaptive systems.
• Evaluate the system against a consistent set of requirements that are widely recognised:
    ● time and costs required for certification are kept to a minimum;
    ● adaptive systems are enabled to comply with standards demanded by legal requirements.
Assurance cases in CITADEL
Adaptive MILS assurance case architecture
• CITADEL employs a modular approach.
• Components in the patterns may be modified, added or deleted at any time.
• Both top-down and bottom-up:
    ● Top-down, we divide each claim into components whose conjunction implies the claim, and recurse down to sub-claims supported by evidence.
    ● Bottom-up, we treat each evidentially supported sub-claim as an independently settled fact and conjoin these to produce higher-level sub-claims that combine recursively to deliver the top claim.
Assurance case argument pattern structure (diagram slide)
Patterns developed for CITADEL
• The patterns developed during the CITADEL project represent the top claims of the system, the Adaptive MILS planes and the operational plane.
• The Adaptive MILS planes are largely static, i.e. the planes usually comprise the same sets of components.
• System properties pattern
    ● The top-level pattern of an Adaptive MILS system.
    ● Creates the argument that an Adaptive MILS system enforces its required properties. These properties may concern security, safety, function and real-time properties.
    ● This pattern includes the Adaptive MILS planes.
Top level Adaptive MILS argument (diagram slide)
The plane patterns
• The planes consist of compositions and components, and the goal of a plane is satisfied when the compositional behaviour of the compositions and/or components included in that plane meets their local policies.
• Also, the interaction between these must be ensured as specified in the security policy, which can be demonstrated through the interface argument.
• Additional patterns exist as modules which can be added to or removed from these plane patterns.
Operational plane
• The operational plane is the application plane of an Adaptive MILS system.
• It is the least pre-defined plane, and can be further developed manually depending on the safety and security goals of the application.
• This means that it is not as static as the other Adaptive MILS planes.
• A generic argument that the operational plane guarantees that its local policy is met.
Foundational plane
• The foundational plane includes various foundation element components:
• Platform node(s), containing separation kernel instances
    ● An argument over each platform node and separation kernel instance that they are separated for data and processor-time partitioning.
    ● An argument that configuration introspection is permitted for authorised subjects.
• MILS network subsystem (NSM) instances
• Time-Sensitive Networking (TSN)
    ● An argument to ensure that critical information is delivered in time and that bandwidth is optimised according to different levels of priority.
Monitoring plane
• An argument that the monitoring plane provides a flexible framework for constructing monitoring applications to ensure continuous correct functioning of the Adaptive MILS system.
    ● Arguments that monitor data is obtained, analysed for certain properties or anomalies, and that alarms or reports of the analysis results are triggered.
• The plane supports state monitoring and communications monitoring.
Adaptation plane
• An argument that the adaptation plane ensures that adaptations preserve the vital overarching properties defined for the system when developing the adaptation strategy, whether adapting to changing environmental conditions or dynamically repurposing the system in real-time safety-critical environments.
• The adaptation plane performs dynamic risk assessment based on context awareness when developing adaptation strategies.
• An argument that the context-awareness model is correct, sufficient and assures system safety.
Configuration plane
• The configuration plane develops a reconfiguration plan, and mediates the use of the dynamic reconfiguration primitives of the separation kernel and the network by enforcing adaptation policies on proposed reconfiguration plans.
• It states an argument that the plane ensures the establishment of correct configuration and reconfiguration plans for Adaptive MILS systems.
• Also an argument about the dynamic reconfiguration capabilities.
Certification plane
• It comprises the AM-ETB, which enables tool integration as well as the verification and validation of results.
• An argument that the plane verifies that the model (in the current and next configurations chosen by the adaptation plane) satisfies the system properties, by generating, collecting and analysing evidence.
Additional argument patterns
• While every claim in an assurance case should eventually end in an evidence node, an individual assurance case pattern does not necessarily end in an evidence node.
• A pattern could, for instance, also be supported by other argument patterns that end in evidence nodes.
• Such modular patterns have been defined within the CITADEL project…
Assurance case argument patterns
• Interface pattern
    ● Creates an argument that communication between components or compositions in the architecture only occurs via connections explicitly defined in the policy architecture.
• Threat pattern
    ● Creates an argument that threats are sufficiently mitigated.
• Modes and transitions / states and transitions patterns
    ● Create arguments that modes/states and the transitions between them are in accordance with the mode models and transition models.
• Composition pattern
    ● Creates arguments that formally defined properties of a system are satisfied by a CITADEL system model and are faithfully implemented by an Adaptive MILS system.
• Process (component) pattern
    ● Creates an argument for any process during the development, real-time adaptation and reconfiguration, and analysis of an Adaptive MILS system.
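Worked example of instantiating a pattern from a system model, applied to the interface pattern above (this is an added illustration in Python, not code from the CITADEL project or the AM-ETB). The connection record format, the component and channel names, the pattern wording and the sample policy architecture are all assumptions made for this example. It goes one step beyond the slide: besides discharging each instantiated sub-claim by a policy lookup, it also lists the policy connections that no configured connection exercises, so the evaluator can see what the evidence does not cover.

```python
"""Instantiating the interface argument pattern from a system model.
Added example, not CITADEL or AM-ETB code; the model format, the pattern
wording and the sample system are assumptions made for this illustration."""
from dataclasses import dataclass

# Pattern text with placeholders; the system model fills the braces.
PATTERN_GOAL = ("All communication of {component} occurs only via connections "
                "explicitly defined in the policy architecture")
PATTERN_SUBGOAL = ("Connection {src} -> {dst} over {channel} is explicitly "
                   "defined in the policy architecture")


@dataclass(frozen=True)
class Connection:
    """One directed connection of the system model (hypothetical format)."""
    src: str
    dst: str
    channel: str


@dataclass
class InstantiatedClaim:
    """A leaf sub-claim produced by instantiation, with the evidence that
    discharges it and the outcome of that check."""
    text: str
    evidence: str
    holds: bool


def instantiate_interface_pattern(components, policy, configured):
    """Top-down instantiation: one goal per component, decomposed into one
    sub-claim per configured connection that involves the component. Each
    sub-claim is discharged by a policy-architecture lookup; a configured
    connection missing from the policy fails its sub-claim and, by
    conjunction, the component goal."""
    claims = {}
    ordered = sorted(configured, key=lambda c: (c.src, c.dst, c.channel))
    for comp in components:
        subclaims = [
            InstantiatedClaim(
                text=PATTERN_SUBGOAL.format(src=c.src, dst=c.dst, channel=c.channel),
                evidence=f"policy architecture lookup of {c.src}->{c.dst}/{c.channel}",
                holds=c in policy,
            )
            for c in ordered if comp in (c.src, c.dst)
        ]
        claims[comp] = (PATTERN_GOAL.format(component=comp), subclaims)
    return claims


def component_goal_holds(claims, component):
    """Bottom-up: the component goal is the conjunction of its sub-claims."""
    return all(sc.holds for sc in claims[component][1])


def undeclared_connections(policy, configured):
    """Configured connections absent from the policy: the violations."""
    return configured - policy


def unexercised_policy(policy, configured):
    """Policy connections never configured: not violations, but the evaluator
    should see which parts of the policy the evidence does not cover."""
    return policy - configured


# Constructed sample system model (hypothetical component and channel names).
SAMPLE_COMPONENTS = ["ctrl", "crypto", "net", "audit"]
SAMPLE_POLICY = {
    Connection("ctrl", "crypto", "ipc"),
    Connection("crypto", "net", "ipc"),
    Connection("ctrl", "audit", "log"),
}
SAMPLE_CONFIGURED = {
    Connection("ctrl", "crypto", "ipc"),
    Connection("crypto", "net", "ipc"),
    Connection("audit", "net", "shm"),   # not in the policy architecture
}

if __name__ == "__main__":
    claims = instantiate_interface_pattern(SAMPLE_COMPONENTS, SAMPLE_POLICY, SAMPLE_CONFIGURED)
    for comp, (goal, subclaims) in claims.items():
        print(f"[{'OK' if component_goal_holds(claims, comp) else 'FAIL'}] {goal}")
        for sc in subclaims:
            print(f"    [{'OK' if sc.holds else 'FAIL'}] {sc.text}  <- {sc.evidence}")
    print("undeclared:", undeclared_connections(SAMPLE_POLICY, SAMPLE_CONFIGURED))
    print("unexercised policy:", unexercised_policy(SAMPLE_POLICY, SAMPLE_CONFIGURED))
```

In the sample model the shared-memory connection from audit to net is configured but not in the policy architecture, so the goals of both audit and net fail while ctrl and crypto hold; the log connection from ctrl to audit is in the policy but never configured, which is reported separately rather than counted as a violation.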
Process properties patterns
• The process pattern may include one or more properties as modules within the process.
• Tool pattern
    ● Creates an argument about the trustworthiness of the tools used as part of a process included in the assurance case.
• Person pattern
    ● Creates an argument about the trustworthiness of the persons carrying out a process included in the assurance case.
• Organisation pattern
    ● Creates an argument about the trustworthiness of the organisation responsible for a process included in the assurance case.
• Artefact pattern
    ● Creates an argument about the trustworthiness of the artefacts produced or used by a process included in the assurance case.
• Technique pattern
    ● Creates an argument about the trustworthiness of the techniques applied in a process included in the assurance case.
• Trusted Software Component pattern
    ● Creates an argument about the trustworthiness of the software components used as part of a process included in the assurance case.
Some examples: Monitoring plane (diagram slide)
Some examples: Interface pattern (diagram slide)
Assurance cases in evaluations
Evaluation
Evaluation of the assurance case
• Before the evaluation, it should be ensured that the assurance case is correct.
• The assurance case itself is reviewed. The soundness of the assurance case is verified on the basis of four aspects, explained on the following slides.
• Once the assurance case is determined to be sound, it can be used during the evaluation of an Adaptive MILS system.
• The evaluation is performed by reviewing the assurance case.
Soundness of the assurance case
• Completeness of the assurance case
    ● Shows the degree to which the assurance case has been finished, by looking at instantiated and undeveloped claims.
• Sufficiency of the arguments
    ● Is the argument strong enough to support the conclusions being drawn?
    ● Standards-based assurance cases have the potential to increase the strength of an argument (the standard indicates the requirements).
Soundness of the assurance case (continued)
• Sufficiency of evidence
    ● The extent to which the evidence supports the argument.
    ● The integrity and trustworthiness of the evidence.
    ● If the evidence collection and analysis process cannot be assured, the evidence can be ruled inadmissible (tool qualification and assurance).
• Sufficiency of assumptions
    ● The extent to which the assumptions support the arguments.
    ● Assumptions about the system.
    ● Assumptions about the system's environment.
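Worked example tying together the GSN elements, the top-down/bottom-up architecture and the four soundness aspects on this and the previous slide (added illustration in Python, not code from the CITADEL project or the AM-ETB). A goal structure is built from Goal, Strategy, Context, Assumption and Evidence nodes, evaluated bottom-up as a conjunction of sub-claims, and then checked for completeness (undeveloped goals), argument sufficiency (developed leaf goals with no evidence), evidence sufficiency (evidence ruled inadmissible because its collection process is not assured) and the assumptions the argument relies on. The sample case, its plane goals and the evidence references are constructed for this example and are not CITADEL artefacts.

```python
"""Minimal GSN-style assurance case with bottom-up evaluation and the four
soundness checks. Added example; the sample case and evidence references are
constructed and hypothetical, not CITADEL or AM-ETB artefacts."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Evidence:
    """Evidence node. admissible=False models evidence whose collection or
    analysis process cannot be assured (e.g. an unqualified tool produced it);
    such evidence does not support a claim."""
    ref: str
    admissible: bool = True


@dataclass
class Goal:
    """Goal (claim) node with optional strategy, context, assumptions,
    sub-goals and evidence. developed=False marks an undeveloped goal."""
    text: str
    strategy: Optional[str] = None
    context: list[str] = field(default_factory=list)
    assumptions: list[str] = field(default_factory=list)
    subgoals: list["Goal"] = field(default_factory=list)
    evidence: list[Evidence] = field(default_factory=list)
    developed: bool = True


def evaluate(goal: Goal) -> bool:
    """Bottom-up: a goal holds when every sub-goal holds (their conjunction
    implies the goal); a leaf holds when it is developed and backed by at
    least one admissible evidence node."""
    if not goal.developed:
        return False
    if goal.subgoals:
        return all(evaluate(sub) for sub in goal.subgoals)
    return bool(goal.evidence) and all(e.admissible for e in goal.evidence)


def walk(goal: Goal):
    """Yield every goal in the structure, top-down."""
    yield goal
    for sub in goal.subgoals:
        yield from walk(sub)


def soundness_report(top: Goal) -> dict:
    """Completeness, argument sufficiency, evidence sufficiency and the
    assumptions to be judged, plus the bottom-up result for the top claim."""
    goals = list(walk(top))
    undeveloped = [g.text for g in goals if not g.developed]
    unsupported = [g.text for g in goals
                   if g.developed and not g.subgoals and not g.evidence]
    inadmissible = [e.ref for g in goals for e in g.evidence if not e.admissible]
    assumptions = [a for g in goals for a in g.assumptions]
    return {
        "goals": len(goals),
        "completeness": 1 - len(undeveloped) / len(goals),
        "undeveloped": undeveloped,
        "unsupported": unsupported,
        "inadmissible_evidence": inadmissible,
        "assumptions": assumptions,
        "top_claim_holds": evaluate(top),
    }


def build_sample_case() -> Goal:
    """Constructed case: the top claim argued over three planes, with one
    plane goal still undeveloped and one evidence item from an unqualified
    tool (hypothetical evidence references)."""
    foundational = Goal(
        "Foundational plane meets its local policy",
        subgoals=[
            Goal("Each separation kernel instance partitions data and processor time",
                 evidence=[Evidence("SK-CONFIG-REVIEW-01")]),
            Goal("Configuration introspection is permitted for authorised subjects",
                 evidence=[Evidence("SK-ACCESS-TEST-02")]),
        ])
    monitoring = Goal("Monitoring plane detects policy violations and raises alarms",
                      evidence=[Evidence("MON-ANALYSIS-03", admissible=False)])
    operational = Goal("Operational plane meets its local policy", developed=False)
    return Goal(
        "The Adaptive MILS system enforces its required properties",
        strategy="Argue over each Adaptive MILS plane and the interfaces between them",
        context=["System model v1 (constructed for this example)"],
        assumptions=["The platform hardware behaves as specified"],
        subgoals=[foundational, monitoring, operational])


def complete_sample_case(case: Goal) -> Goal:
    """Resolve the findings: develop the undeveloped goal with evidence and
    replace inadmissible evidence by output of a qualified tool."""
    for g in walk(case):
        if not g.developed:
            g.developed = True
            g.evidence.append(Evidence("OP-POLICY-TEST-04"))
        g.evidence = [Evidence(e.ref + "-QUALIFIED") if not e.admissible else e
                      for e in g.evidence]
    return case


if __name__ == "__main__":
    case = build_sample_case()
    print(soundness_report(case))          # top claim does not hold yet
    print(soundness_report(complete_sample_case(case)))
```

On the first report the top claim does not hold: one goal is undeveloped and the monitoring evidence is inadmissible, even though the foundational plane sub-tree already evaluates to true. After the two findings are resolved, completeness reaches 1.0 and the conjunction delivers the top claim, while the recorded assumption remains for the evaluator to judge.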
Assurance case during evaluations
• The assurance case is reviewed.
    ● This also focuses on the quality of the evidence.
• Human interaction is required for interpretation of the assurance case.
• Interactive presentation of the assurance case…
    ● enables the evaluator to encapsulate selected fragments and review the assurance case fragment by fragment;
    ● enables the evaluator to indicate whether a claim is satisfied or not, and to leave feedback;
    ● shows a comprehensive overview of the results of the evaluation, plus a metric indicating the security or safety of the adaptive system.
Evaluation of performance
• The performance of the Adaptive MILS system is determined on the basis of the analysis of the evidence supporting each of the arguments of the entire assurance case.
• While the analysis will require human judgement, automated tools may support the overall assurance case analysis.
• The completeness of the requirements, the adequacy of test cases and the absence of unintended behaviours should be evaluated with the assistance of the AM-ETB tool.
Automation of assurance case usage
AM-ETB
• AM-ETB stands for Adaptive MILS Evidential Tool Bus.
• The AM-ETB tool is used for this automation.
• It supports the automatic instantiation of assurance case patterns.
• For further information, please refer to the training material related to AM-ETB.

Understanding Inductive Bias in Machine LearningUnderstanding Inductive Bias in Machine Learning
Understanding Inductive Bias in Machine Learning
SUTEJAS
 
ACEP Magazine edition 4th launched on 05.06.2024
ACEP Magazine edition 4th launched on 05.06.2024ACEP Magazine edition 4th launched on 05.06.2024
ACEP Magazine edition 4th launched on 05.06.2024
Rahul
 
Generative AI leverages algorithms to create various forms of content
Generative AI leverages algorithms to create various forms of contentGenerative AI leverages algorithms to create various forms of content
Generative AI leverages algorithms to create various forms of content
Hitesh Mohapatra
 
Engine Lubrication performance System.pdf
Engine Lubrication performance System.pdfEngine Lubrication performance System.pdf
Engine Lubrication performance System.pdf
mamamaam477
 
Recycled Concrete Aggregate in Construction Part III
Recycled Concrete Aggregate in Construction Part IIIRecycled Concrete Aggregate in Construction Part III
Recycled Concrete Aggregate in Construction Part III
Aditya Rajan Patra
 
Engineering Drawings Lecture Detail Drawings 2014.pdf
Engineering Drawings Lecture Detail Drawings 2014.pdfEngineering Drawings Lecture Detail Drawings 2014.pdf
Engineering Drawings Lecture Detail Drawings 2014.pdf
abbyasa1014
 
学校原版美国波士顿大学毕业证学历学位证书原版一模一样
学校原版美国波士顿大学毕业证学历学位证书原版一模一样学校原版美国波士顿大学毕业证学历学位证书原版一模一样
学校原版美国波士顿大学毕业证学历学位证书原版一模一样
171ticu
 
Casting-Defect-inSlab continuous casting.pdf
Casting-Defect-inSlab continuous casting.pdfCasting-Defect-inSlab continuous casting.pdf
Casting-Defect-inSlab continuous casting.pdf
zubairahmad848137
 
Optimizing Gradle Builds - Gradle DPE Tour Berlin 2024
Optimizing Gradle Builds - Gradle DPE Tour Berlin 2024Optimizing Gradle Builds - Gradle DPE Tour Berlin 2024
Optimizing Gradle Builds - Gradle DPE Tour Berlin 2024
Sinan KOZAK
 
A review on techniques and modelling methodologies used for checking electrom...
A review on techniques and modelling methodologies used for checking electrom...A review on techniques and modelling methodologies used for checking electrom...
A review on techniques and modelling methodologies used for checking electrom...
nooriasukmaningtyas
 
哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样
哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样
哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样
insn4465
 
Advanced control scheme of doubly fed induction generator for wind turbine us...
Advanced control scheme of doubly fed induction generator for wind turbine us...Advanced control scheme of doubly fed induction generator for wind turbine us...
Advanced control scheme of doubly fed induction generator for wind turbine us...
IJECEIAES
 

Recently uploaded (20)

Manufacturing Process of molasses based distillery ppt.pptx
Manufacturing Process of molasses based distillery ppt.pptxManufacturing Process of molasses based distillery ppt.pptx
Manufacturing Process of molasses based distillery ppt.pptx
 
Unit-III-ELECTROCHEMICAL STORAGE DEVICES.ppt
Unit-III-ELECTROCHEMICAL STORAGE DEVICES.pptUnit-III-ELECTROCHEMICAL STORAGE DEVICES.ppt
Unit-III-ELECTROCHEMICAL STORAGE DEVICES.ppt
 
Textile Chemical Processing and Dyeing.pdf
Textile Chemical Processing and Dyeing.pdfTextile Chemical Processing and Dyeing.pdf
Textile Chemical Processing and Dyeing.pdf
 
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECT
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECTCHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECT
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECT
 
The Python for beginners. This is an advance computer language.
The Python for beginners. This is an advance computer language.The Python for beginners. This is an advance computer language.
The Python for beginners. This is an advance computer language.
 
Embedded machine learning-based road conditions and driving behavior monitoring
Embedded machine learning-based road conditions and driving behavior monitoringEmbedded machine learning-based road conditions and driving behavior monitoring
Embedded machine learning-based road conditions and driving behavior monitoring
 
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...Electric vehicle and photovoltaic advanced roles in enhancing the financial p...
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...
 
New techniques for characterising damage in rock slopes.pdf
New techniques for characterising damage in rock slopes.pdfNew techniques for characterising damage in rock slopes.pdf
New techniques for characterising damage in rock slopes.pdf
 
Understanding Inductive Bias in Machine Learning
Understanding Inductive Bias in Machine LearningUnderstanding Inductive Bias in Machine Learning
Understanding Inductive Bias in Machine Learning
 
ACEP Magazine edition 4th launched on 05.06.2024
ACEP Magazine edition 4th launched on 05.06.2024ACEP Magazine edition 4th launched on 05.06.2024
ACEP Magazine edition 4th launched on 05.06.2024
 
Generative AI leverages algorithms to create various forms of content
Generative AI leverages algorithms to create various forms of contentGenerative AI leverages algorithms to create various forms of content
Generative AI leverages algorithms to create various forms of content
 
Engine Lubrication performance System.pdf
Engine Lubrication performance System.pdfEngine Lubrication performance System.pdf
Engine Lubrication performance System.pdf
 
Recycled Concrete Aggregate in Construction Part III
Recycled Concrete Aggregate in Construction Part IIIRecycled Concrete Aggregate in Construction Part III
Recycled Concrete Aggregate in Construction Part III
 
Engineering Drawings Lecture Detail Drawings 2014.pdf
Engineering Drawings Lecture Detail Drawings 2014.pdfEngineering Drawings Lecture Detail Drawings 2014.pdf
Engineering Drawings Lecture Detail Drawings 2014.pdf
 
学校原版美国波士顿大学毕业证学历学位证书原版一模一样
学校原版美国波士顿大学毕业证学历学位证书原版一模一样学校原版美国波士顿大学毕业证学历学位证书原版一模一样
学校原版美国波士顿大学毕业证学历学位证书原版一模一样
 
Casting-Defect-inSlab continuous casting.pdf
Casting-Defect-inSlab continuous casting.pdfCasting-Defect-inSlab continuous casting.pdf
Casting-Defect-inSlab continuous casting.pdf
 
Optimizing Gradle Builds - Gradle DPE Tour Berlin 2024
Optimizing Gradle Builds - Gradle DPE Tour Berlin 2024Optimizing Gradle Builds - Gradle DPE Tour Berlin 2024
Optimizing Gradle Builds - Gradle DPE Tour Berlin 2024
 
A review on techniques and modelling methodologies used for checking electrom...
A review on techniques and modelling methodologies used for checking electrom...A review on techniques and modelling methodologies used for checking electrom...
A review on techniques and modelling methodologies used for checking electrom...
 
哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样
哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样
哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样
 
Advanced control scheme of doubly fed induction generator for wind turbine us...
Advanced control scheme of doubly fed induction generator for wind turbine us...Advanced control scheme of doubly fed induction generator for wind turbine us...
Advanced control scheme of doubly fed induction generator for wind turbine us...
 

Certification readiness strategy

1. Certification readiness strategy
Training: assurance case methodology
CITADEL training 1
atsec information security AB

2. Agenda
 Assurance cases
 Developing assurance cases
 Assurance cases in CITADEL
 Assurance cases in evaluations
 Automation of assurance case usage

3. Assurance cases

4. Assurance case
 An assurance case provides an argument to justify certain claims about a system, based on evidence concerning both the system and the environment in which it operates.
 The principal advance offered by assurance cases compared to other forms of assurance is the provision of an explicit argument connecting evidence to claims.
 The idea of a structured argument is to facilitate modular comprehension and assessment of the case.

6. Evidence
 Persuasive argumentation and a strong, comprehensive set of requirements play a major role in satisfying the claims of an assurance case.
 However, the strength of the arguments and of the assurance case as a whole depends on the quality and completeness of the evidence supporting high-assurance claims of security or safety.
 The evidence of an assurance case may validate and verify the requirements through various types of evidence generation, such as testing, simulations, audits and review of artefacts such as design and guidance documentation and life cycle processes.
 Where there are multiple ways to demonstrate satisfaction of goals (i.e. based on different processes), the approach with the most convincing strategy and evidence is to be chosen.

7. Assumptions
 The evidence to substantiate the claims made in an assurance case should not only consider the system itself, but should additionally take into account the operational environment of the system.
 Therefore, the operational environment of the system should either be considered and included as part of the evidence, or incorporated as environmental assumptions.
 Hence, it is necessary to specify the assumptions under which the system or design satisfies the claims.

8. GSN
 Adaptive MILS systems employ Goal Structuring Notation (GSN) for the development of assurance cases.
 GSN assurance cases are constructed and visualised by a set of GSN elements that collectively establish a goal structure.
 The following elements are used:
 ● Goal (claim)
 ● Strategy
 ● Context
 ● Undeveloped Goal
 ● Evidence
 ● Assumption

9. Why assurance cases?
 An assurance case does not replace any specific technique for analysis or for generating evidence. It shows the connection between the techniques used and the high-level claims.
 An assurance case captures the rationale for why the results of the analyses support our high-level requirements and goals, and the context for this support (for example, the assumptions and scope of any models used).

10. Developing the assurance case

11. Two aspects of assurance case
 There are two different aspects to consider and make use of when developing an assurance case.
 Assurance case argument patterns
 ● The process of developing an assurance case is simplified through the introduction of assurance case patterns.
 ● A catalogue of assurance case argument patterns is developed within the CITADEL project.
 Regulatory standards
 ● The use of standards can offer various benefits, such as diminishing the limitations of assurance cases related to confirmation bias (i.e. only showing that the system is secure, but not how it is protected against insecure states).
 ● However, it may be difficult to directly apply standards to adaptive MILS systems, as they comprise a very fast-moving field. Instead, the desired option would be a partly standardised approach towards the instantiation of the claims made in an argument-based assurance case, as well as evaluation and certification.

12. Assurance case patterns
 Patterns maintain the structure, but not the specific details, of an argument and therefore can be instantiated in multiple situations as appropriate.
 By building a catalogue of patterns (i.e., templates), it is possible to facilitate the process of assurance case creation and documentation.
 Assurance case patterns offer the benefits of reuse and repeatability of process, as well as providing some notion of coverage or completeness of the evidence.
 The pattern is instantiated using information provided in the system model.

13. Standards-based assurance cases
 A partly standardised approach towards the instantiation of the claims made in argument-based assurance cases.
 They comply with ISO/IEC 15026-2, and are extended with system-specific standards depending on the nature of the adaptive system.
 Standards-based methods provide various benefits to the development and evaluation of assurance cases.

14. Standards-based method benefits
 Support the establishment of comprehensive security requirements.
 ● Provides higher assurance of the quality and precision of the claims and sub-claims from which the assurance case is built up.
 ● Simplifies the evaluation of the sufficiency of the argument (during evaluation).
 Aid in the specification of the evidence required to demonstrate satisfaction of the requirements.
 ● Facilitates the assessment of the sufficiency of the evidence (during evaluation).
 ● New standards may include new verification approaches to provide evidence that are better suited to adaptive systems.
 Evaluate the system against a consistent set of requirements that are widely recognised.
 ● Time and costs required for certification are kept to a minimum.
 ● Adaptive systems are enabled to comply with certain standards demanded by legal requirements.

15. Assurance cases in CITADEL

16. Adaptive MILS assurance case architecture
 CITADEL employs a modular approach.
 Components in the patterns may be modified, added or deleted at any time.
 Both top-down and bottom-up.
 ● Top-down, we divide each claim into components whose conjunction implies the claim, and recurse down to sub-claims supported by evidence.
 ● Bottom-up, we treat each evidentially supported sub-claim as an independently settled fact and conjoin these to produce higher-level sub-claims that combine recursively to deliver the top claim.

17. Assurance case argument pattern structure

18. Patterns developed for CITADEL
 The patterns developed during the CITADEL project represent the top claims of the system, the Adaptive MILS planes and the operational plane.
 The Adaptive MILS planes are largely static, i.e. the planes usually comprise the same sets of components.
 System properties pattern
 ● It is the top-level pattern of an Adaptive MILS system.
 ● Creates an argument that an Adaptive MILS system enforces its required properties. These properties may regard security, safety, function and real-time properties.
 ● This pattern includes the Adaptive MILS planes.

19. Top level Adaptive MILS argument

20. The planes patterns
 The planes consist of compositions and components, and the goal of a plane is satisfied when the compositional behaviour of the compositions and/or components included in that plane meets their local policies.
 Also, the interaction between these must be ensured as specified in the security policy, which can be demonstrated through the interface argument.
 Additional patterns exist as modules which can be added to or removed from these plane patterns.

21. Operational plane
 The operational plane is the application plane of an Adaptive MILS system.
 It is the least pre-defined plane, and can be further developed manually depending on the safety and security goals of the application.
 This means that it is not as static as the other Adaptive MILS planes.
 A generic argument that the operational plane guarantees that its local policy is met.

22. Foundational plane
 The foundational plane includes various foundation element components:
 Platform node(s), containing kernel instances
 ● An argument that each platform node and separation kernel instance is separated for data and processor time partitioning.
 ● An argument that configuration introspection is permitted to authorised subjects.
 MILS network subsystem (NSM) instances
 Time Sensitive Network (TSN)
 ● An argument to ensure that critical information is delivered in a timely manner and that bandwidth is optimised according to different levels of priority.

23. Monitoring plane
 An argument that the monitoring plane provides a flexible framework for constructing monitoring applications to ensure the continuous correct functioning of the Adaptive MILS system.
 Arguments that monitor data is obtained, analysed for certain properties or anomalies, and that alarms or reports of the analysis results are triggered.
 The plane supports state monitoring and communications monitoring.

24. Adaptation plane
 An argument that the adaptation plane ensures that adaptations preserve the vital overarching properties defined for the system when developing the adaptation strategy to adapt to changing environmental conditions or dynamic repurposing of the system in real-time safety-critical environments.
 The adaptation plane performs dynamic risk assessment based on context awareness when developing adaptation strategies.
 An argument that the context-awareness model is correct, sufficient and assures system safety.

25. Configuration plane
 The configuration plane develops a reconfiguration plan, and mediates the use of the dynamic reconfiguration primitives of the separation kernel and the network by enforcing adaptation policies on proposed reconfiguration plans.
 It states an argument that the plane ensures the establishment of correct configuration and reconfiguration plans for Adaptive MILS systems.
 Also an argument about the dynamic reconfiguration capabilities.

26. Certification plane
 It comprises the AM-ETB, which enables tool integration, as well as the verification and validation of results.
 An argument that the plane verifies that the model (in the current and next configurations chosen by the adaptation plane) satisfies the system properties, by generating, collecting and analysing evidence.

27. Additional argument patterns
 While every claim in an assurance case should eventually end with an evidence node, each assurance case pattern does not necessarily end with an evidence node.
 The pattern could, for instance, also be supported by other argument patterns that end with evidence nodes.
 Such modular patterns have been defined within the CITADEL project…

28. Assurance case argument patterns
 Interface pattern
 ● Create an argument that communication between components or compositions in the architecture only occurs via connections explicitly defined in the policy architecture.
 Threat pattern
 ● Create an argument that threats are sufficiently mitigated.
 Modes and transitions / states and transitions patterns
 ● Create arguments that modes/states and the transitions between them are in accordance with the mode models and transition models.
 Composition pattern
 ● Create arguments that formally defined properties of a system are satisfied by a CITADEL system model and are faithfully implemented by an Adaptive MILS system.
 Process (component) pattern
 ● Create an argument for any process during the development, real-time adaptation and reconfiguration, and analysis of an Adaptive MILS system.
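Slide 12 states that a pattern is instantiated from information in the system model, and slide 28 gives the interface pattern as an instance. The following Python is an added example, not code from the CITADEL project or from AM-ETB: it instantiates the interface argument top-down from a constructed system model (one sub-goal per policy connection plus one for the absence of any other connection), then develops the open sub-goals from a constructed "observed connections" artefact of the kind a configuration introspection would yield. The component names, the policy connections, the node texts and the `Node` representation are assumptions made for this illustration.

```python
"""Instantiating the 'interface' argument pattern from a system model.

Added example, not code from the CITADEL project or AM-ETB. The pattern follows
the slide: communication between components only occurs via connections
explicitly defined in the policy architecture. The system model, the observed
connections and the node texts are constructed for this example.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

Connection = Tuple[str, str]

# Constructed system model: components and the policy-architecture connections.
SYSTEM_MODEL: Dict = {
    "components": ["sensor", "filter", "controller", "actuator", "logger"],
    "policy_connections": [("sensor", "filter"), ("filter", "controller"),
                           ("controller", "actuator"), ("controller", "logger")],
}


@dataclass
class Node:
    """One GSN element: Goal, Strategy, Context, Evidence or UndevelopedGoal."""
    kind: str
    text: str
    ref: Optional[Connection] = None          # the connection a sub-goal is about
    children: List["Node"] = field(default_factory=list)


def instantiate_interface_pattern(model: Dict) -> Node:
    """Top-down instantiation: the interface claim is split into one sub-goal per
    policy connection plus one sub-goal for the absence of any other connection.
    Every sub-goal starts undeveloped; evidence is attached later."""
    top = Node("Goal", "Communication between components occurs only via "
                       "connections defined in the policy architecture")
    top.children.append(Node("Context", f"Policy architecture: {model['policy_connections']}"))
    strategy = Node("Strategy", "Argue over each permitted connection and over "
                                "the absence of connections outside the policy")
    top.children.append(strategy)
    for src, dst in model["policy_connections"]:
        strategy.children.append(Node("UndevelopedGoal",
                                      f"Connection {src}->{dst} is configured as the policy defines",
                                      ref=(src, dst)))
    strategy.children.append(Node("UndevelopedGoal",
                                  "No connection outside the policy architecture exists"))
    return top


def develop_with_evidence(case: Node, model: Dict, observed: List[Connection]) -> List[Connection]:
    """Develop the undeveloped sub-goals from an observed-connections artefact
    (constructed here; in practice the output of configuration introspection).
    Returns the connections found outside the policy; while any exist, the
    'no other connection' goal stays undeveloped so the gap is visible in review.
    A policy connection that was not observed likewise stays undeveloped."""
    policy = set(model["policy_connections"])
    seen = set(observed)
    extra = sorted(seen - policy)
    strategy = next(c for c in case.children if c.kind == "Strategy")
    for goal in strategy.children:
        if goal.kind != "UndevelopedGoal":
            continue
        if goal.ref is not None and goal.ref in seen:
            goal.kind = "Goal"
            goal.children.append(Node("Evidence",
                                      f"Introspection output lists {goal.ref[0]}->{goal.ref[1]} (constructed)"))
        elif goal.ref is None and not extra:
            goal.kind = "Goal"
            goal.children.append(Node("Evidence",
                                      "Introspection output lists no connection beyond the policy (constructed)"))
    return extra


def count_kinds(root: Node) -> Dict[str, int]:
    """Count GSN elements by kind; the UndevelopedGoal count is the completeness gap."""
    counts: Dict[str, int] = {}
    stack = [root]
    while stack:
        node = stack.pop()
        counts[node.kind] = counts.get(node.kind, 0) + 1
        stack.extend(node.children)
    return counts


if __name__ == "__main__":
    case = instantiate_interface_pattern(SYSTEM_MODEL)
    print("after instantiation:", count_kinds(case))
    observed = SYSTEM_MODEL["policy_connections"] + [("logger", "actuator")]
    print("outside policy:", develop_with_evidence(case, SYSTEM_MODEL, observed))
    print("after development:", count_kinds(case))
```

The point of keeping the "no other connection" goal undeveloped while an undeclared connection exists is that the pattern then reports the deviation as an open claim rather than hiding it, which is what an evaluator reviewing completeness needs to see.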
29. Process Properties Patterns
 The process pattern may include one or more properties as modules within the process.
 Tool pattern
 ● Create an argument about the trustworthiness of tools used as part of a process included in the assurance case.
 Person pattern
 ● Create an argument about the trustworthiness of persons involved in a process included in the assurance case.
 Organisation pattern
 ● Create an argument about the trustworthiness of organisations involved in a process included in the assurance case.
 Artefact pattern
 ● Create an argument about the trustworthiness of artefacts used as part of a process included in the assurance case.
 Technique pattern
 ● Create an argument about the trustworthiness of techniques used as part of a process included in the assurance case.
 Trusted Software Component pattern
 ● Create an argument about the trustworthiness of trusted software components used as part of a process included in the assurance case.

30. Some examples: Monitoring Plane

31. Some examples: Interface pattern

32. Assurance cases in evaluations
Evaluation

33. Evaluation of the assurance case
 Before the evaluation, it should be ensured that the assurance case is correct.
 The assurance case itself is reviewed. The soundness of the assurance case is verified based on four aspects.
 These aspects are explained in the following slides.
 Once it is determined that the assurance case is sound, we can use the assurance case during the evaluation of an Adaptive MILS system.
 The evaluation is performed by reviewing the assurance case.

34. Soundness of the assurance case
 Completeness of the assurance case
 ● Shows the degree to which the assurance case has been finished by looking at instantiated and undeveloped claims.
 Sufficiency of the arguments
 ● Is the argument strong enough to support the conclusions being drawn?
 ● Standards-based assurance cases have the potential to increase the strength of an argument (standards indicate requirements).

35. Soundness of the assurance case
 Sufficiency of evidence
 ● The extent to which the evidence supports the argument.
 ● The integrity and trustworthiness of evidence: if the evidence collection and analysis process cannot be assured, evidence can be ruled inadmissible (tool qualification and assurance).
 Sufficiency of assumptions
 ● The extent to which assumptions support the arguments.
 ● Assumptions about the system
 ● Assumptions about the system’s environment
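The top-down/bottom-up architecture of slide 16 and the soundness aspects of slides 34 and 35 can be made concrete with a small review routine. The following is an added example, not CITADEL or AM-ETB code: it builds a constructed fragment of a monitoring-plane argument, computes completeness from developed versus undeveloped claims, rules evidence inadmissible when the tool that produced it is not in a (constructed) qualification register, lists the assumptions the argument rests on, and then checks bottom-up whether the top claim is supported. The node texts, tool names, the register and the `Node` representation are assumptions made for this illustration.

```python
"""Reviewing the soundness of an assurance case fragment before evaluation:
completeness, admissibility of evidence, assumption coverage, and a bottom-up
check of whether the top claim is supported.

Added example, not code from the CITADEL project or AM-ETB. The goal structure,
the tool qualification register and the node texts are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, Iterator, List, Optional


@dataclass
class Node:
    kind: str                     # Goal, UndevelopedGoal, Strategy, Context, Assumption, Evidence
    text: str
    tool: Optional[str] = None    # Evidence only: the tool whose process produced it
    children: List["Node"] = field(default_factory=list)


# Constructed tool qualification register. Evidence whose producing process
# cannot be assured is ruled inadmissible (tool qualification and assurance).
QUALIFIED_TOOLS: Dict[str, bool] = {"model-checker": True, "test-harness": True, "ad-hoc-script": False}


def build_case() -> Node:
    """Constructed fragment of a monitoring-plane argument."""
    return Node("Goal", "Monitoring plane detects communication anomalies", children=[
        Node("Assumption", "The monitor receives an unmodified copy of all plane traffic"),
        Node("Strategy", "Argue over data acquisition, analysis and alarm", children=[
            Node("Goal", "Monitor data is obtained from every TSN link", children=[
                Node("Evidence", "Link coverage test report", tool="test-harness")]),
            Node("Goal", "The anomaly detector flags policy violations", children=[
                Node("Evidence", "Detector property proof", tool="model-checker"),
                Node("Evidence", "Sampled-run statistics", tool="ad-hoc-script")]),
            Node("UndevelopedGoal", "Alarms reach the adaptation plane within the deadline"),
        ]),
    ])


def walk(node: Node) -> Iterator[Node]:
    yield node
    for child in node.children:
        yield from walk(child)


def completeness(root: Node) -> float:
    """Share of claims that are developed (instantiated) rather than left open."""
    claims = [n for n in walk(root) if n.kind in ("Goal", "UndevelopedGoal")]
    developed = sum(1 for n in claims if n.kind == "Goal")
    return developed / len(claims) if claims else 1.0


def holds(node: Node, register: Dict[str, bool]) -> bool:
    """Bottom-up: each evidence-supported sub-claim is treated as settled and the
    sub-claims are conjoined upwards. Inadmissible evidence is discarded rather
    than counted against the claim; a claim with no admissible support does not hold."""
    if node.kind == "UndevelopedGoal":
        return False
    if node.kind == "Evidence":
        return register.get(node.tool or "", False)
    claims = [c for c in node.children if c.kind in ("Goal", "Strategy", "UndevelopedGoal")]
    evidence = [c for c in node.children if c.kind == "Evidence"]
    if not claims and not evidence:
        return False
    ok = all(holds(c, register) for c in claims)
    if evidence:
        ok = ok and any(holds(e, register) for e in evidence)
    return ok


def develop(root: Node, text: str, evidence: Node) -> bool:
    """Turn the undeveloped goal with the given text into a developed, evidenced one."""
    for n in walk(root):
        if n.kind == "UndevelopedGoal" and n.text == text:
            n.kind = "Goal"
            n.children.append(evidence)
            return True
    return False


def review(root: Node, register: Dict[str, bool] = QUALIFIED_TOOLS) -> Dict:
    """The soundness aspects an evaluator looks at, collected in one report."""
    return {
        "completeness": completeness(root),
        "inadmissible_evidence": [n.text for n in walk(root)
                                  if n.kind == "Evidence" and not register.get(n.tool or "", False)],
        "assumptions": [n.text for n in walk(root) if n.kind == "Assumption"],
        "top_claim_supported": holds(root, register),
    }


if __name__ == "__main__":
    case = build_case()
    print(review(case))
    develop(case, "Alarms reach the adaptation plane within the deadline",
            Node("Evidence", "Alarm latency measurement", tool="test-harness"))
    print(review(case))
```

Two behaviours are worth noting. Inadmissible evidence is dropped rather than treated as a counter-argument, so a claim whose only evidence comes from an unqualified tool simply becomes unsupported, which is the slide's "ruled as inadmissible". And because a single undeveloped goal makes the conjunction fail, the completeness metric and the top-claim result move together once the open goal is developed with admissible evidence.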
36. Assurance case during evaluations
 The assurance case is reviewed.
 ● This also focuses on the quality of the evidence.
 Human interaction is required for interpretation of the assurance case.
 Interactive presentation of the assurance case…
 ● enables the evaluator to encapsulate selected fragments, and review the assurance case fragment by fragment.
 ● enables the evaluator to indicate whether a claim is satisfied or not, and leave feedback.
 ● shows a comprehensive overview of the results of the evaluation, plus a metric indicating the security or safety of the adaptive system.

37. Evaluation of performance
 The performance of the Adaptive MILS system is determined on the basis of the analysis of the evidence supporting each of the arguments of the entire assurance case.
 While the analysis will require human judgement, automated tools may support the overall assurance case analysis.
 The completeness of the requirements, the adequacy of test cases and the absence of unintended behaviours should be evaluated with the assistance of the AM-ETB tool.

38. Automation of assurance case usage

39. AM-ETB
 AM-ETB stands for Adaptive MILS Evidential Tool Bus.
 The AM-ETB tool is used for this automation.
 It supports the automatic instantiation of assurance case patterns.
 For further information, please refer to the training material related to AM-ETB.