The security assurance of computer-based systems that rely on safety and security assurance, such as consistency, durability, efficiency and accessibility, requires resources. This targets System-of-Systems (SoS) problems, with the exception of difficulties and concerns that apply similarly to subsystem interactions on a single system and system-as-component interactions on a large information system. This research addresses security and information assurance for safety-critical systems, where security and safety are addressed before going to the actual implementation/development phase for component-based systems. For this purpose, we require a conceptual idea or strategy that deals with application logic security assurance issues. Such a strategy may explore a vulnerability in a single component or the reuse of a specification in existing logic in a component-based system. In view of this situation, we have defined seven concepts of security assurance and a security assurance design strategy for safety-critical systems.