| Presentation | 2013-05-31 A new approach to develop a dependable security case by combining real life security experiences (lessons learnt) with D-Case development process Vaise Patu, Shuichiro Yamamoto, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | Our daily life reliance on software systems is growing for the purpose of convenience, efficiency, and security. Modern systems runs for long periods of time and are being constantly improved in service objectives and users' requirements under evolving technologies and changing regulations/standards. At the same time, these systems have become extremely complex. Dependability of these software systems cannot be achieved only by using conventional technologies, such as software processes and/or Formal Methods. It also needs software assurance case, which in this paper we refer to it as dependability (assurance) case or simply D-Case. Most often is the fact that D-Case (an extension form of assurance case) is most commonly associated with the safely aspect of dependability that covers the realm of dependable software application systems, embedded operating systems, information systems and so on. Because of this regard, safety cases are quite well known in comparison to other aspects of dependability like availability, integrity and confidentiality witch are all co-related to security. On the other hand, D-Case has never been used in security and therefore holds the motivation behind this paper. By combining our knowledge of networking system together with our research result on the issue of security, it was found that there is guidance available, and there have been some promising experiments on the creation of security cases, although these guidance and experiments are not well documented to cover the realm of information and industrial networking systems, which this paper is about. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | Assurance Case / D-Case / Security Case / Software Security / Networking System Security / Goal Structuring Notation / Security Engineering / Risk Management |
| Paper # | KBSE2013-8 |
| Date of Issue |
| Conference Information | |
| Committee | KBSE |
|---|---|
| Conference Date | 2013/5/23(1days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | |
| Chair | |
| Vice Chair | |
| Secretary | |
| Assistant | |
| Paper Information | |
| Registration To | Knowledge-Based Software Engineering (KBSE) |
|---|---|
| Language | ENG |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | A new approach to develop a dependable security case by combining real life security experiences (lessons learnt) with D-Case development process |
| Sub Title (in English) | |
| Keyword(1) | Assurance Case |
| Keyword(2) | D-Case |
| Keyword(3) | Security Case |
| Keyword(4) | Software Security |
| Keyword(5) | Networking System Security |
| Keyword(6) | Goal Structuring Notation |
| Keyword(7) | Security Engineering |
| Keyword(8) | Risk Management |
| 1st Author's Name | Vaise Patu |
| 1st Author's Affiliation | Nagoya University() |
| 2nd Author's Name | Shuichiro Yamamoto |
| 2nd Author's Affiliation | Nagoya University |
| Date | 2013-05-31 |
| Paper # | KBSE2013-8 |
| Volume (vol) | vol.113 |
| Number (no) | 71 |
| Page | pp.pp.- |
| #Pages | 6 |
| Date of Issue | |