Evaluating Security Assurance Case Adaptation

File: 0728.pdf (2.01 MB, Adobe PDF)

Item Summary

Title: Evaluating Security Assurance Case Adaptation
Authors: Jahan, Sharmin; Marshall, Allen; Gamble, Rose
Keywords: Cybersecurity and Software Assurance; Software Technology; Self-adaptation, security control, security certification, assurance case, softgoal, achievement weight, satisficing
Date Issued: 08 Jan 2019
Abstract: Security certification processes for information systems involve expressing security controls as functional and non-functional requirements, monitoring deployed mechanisms that satisfy the requirements, and measuring the degree of confidence in system compliance. With the potential for systems to perform runtime self-adaptation, functional changes to remedy system performance may impact security control compliance. This impact can extend throughout a network of related controls causing significant degradation to the system’s overall compliance status. We represent security controls as security assurance cases and implement them in XML for management and evaluation. The approach maps security controls to softgoals, introducing achievement weights to the assurance case structure as the foundation for determining security softgoal satisficing levels. Potential adaptations adjust the achievement weights to produce different satisficing levels. We show how the levels can be propagated within the network of related controls to assess the overall security control compliance of a potential adaptation.
Pages/Duration: 10 pages
Rights: Attribution-NonCommercial-NoDerivatives 4.0 International
Appears in Collections: Cybersecurity and Software Assurance


This item is licensed under a Creative Commons License.