CASCADE: An Asset-driven Approach to Build Security Assurance Cases for Automotive Systems

Author:

Mohamad Mazen (1), Jolak Rodi (1), Askerdal Örjan (2), Steghöfer Jan-Philipp (1), Scandariato Riccardo (3)

Affiliation:

1. Chalmers and University of Gothenburg, Chalmersplatsen, Gothenburg, Sweden

2. Volvo Trucks, Gothenburg, Sweden

3. Hamburg University of Technology, Hamburg, Germany

Abstract

Security Assurance Cases (SAC) are structured arguments and evidence bodies used to reason about the security of a certain system. SACs are gaining focus in the automotive industry, as the needs for security assurance are growing in this domain. However, the state of the art lacks a mature approach able to suit the needs of the automotive industry. In this article, we present CASCADE, an asset-driven approach for creating SAC, which is inspired by the upcoming security standard ISO/SAE-21434 as well as the internal needs of automotive Original Equipment Manufacturers (OEMs). CASCADE also differentiates itself from the state-of-the-art by incorporating a way to reason about the quality of the constructed security assurance case. We created the approach by conducting an iterative design science research study. We illustrate the results using the example case of the road vehicle’s headlamp provided in the ISO standard. We also illustrate how our approach aligns well with the structure and content of the ISO/SAE-21434 standard, hence demonstrating the practical applicability of CASCADE in an industrial context.

Publisher

Association for Computing Machinery (ACM)

Subject

Artificial Intelligence, Control and Optimization, Computer Networks and Communications, Hardware and Architecture, Human-Computer Interaction

Cited by 4 articles.

1. Increasing the Confidence in Security Assurance Cases using Game Theory;Proceedings of the 19th International Conference on Availability, Reliability and Security;2024-07-30

2. Cybersecurity Pathways Towards CE-Certified Autonomous Forestry Machines;2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W);2024-06-24

3. Tracking assets in source code with Security Annotations;Proceedings of the 2024 IEEE/ACM 46th International Conference on Software Engineering: Companion Proceedings;2024-04-14

4. A Requirements Optimization Method for Automotive Cyber Security Assurance;Lecture Notes in Computer Science;2024
