Constructing security cases based on formal verification of security requirements in Alloy - Advancing Rigorous Software and System Engineering
Conference Papers, Year: 2023

Constructing security cases based on formal verification of security requirements in Alloy

Abstract

Assuring that security requirements have been met during the design phases is less expensive than making changes after system development. Deploying security-critical systems requires security cases that demonstrate whether the design adequately incorporates the security requirements. Building arguments and generating evidence to support the claims of an assurance case is of utmost importance and should rest on a rigorous mathematical basis, namely formal methods. In this paper, we propose an approach that uses formal methods to construct security assurance cases. The approach takes a list of security requirements as input and generates security cases to assess their fulfillment. Furthermore, we define security argument patterns, supported by the formal verification results, presented using the GSN pattern notation. The overall approach is validated through a case study involving an autonomous drone.
Main file: ASSURE2023 (2).pdf (1014.49 KB)
Origin: Files produced by the author(s)

Dates and versions

cea-04232793 , version 1 (09-10-2023)

Cite

Marwa Zeroual, Brahim Hamid, Morayo Adedjouma, Jason Jaskolka. Constructing security cases based on formal verification of security requirements in Alloy. 42nd International Conference on Computer Safety, Reliability and Security (SAFECOMP 2023) Workshops, Sep 2023, Toulouse, France. pp. 15-25. DOI: 10.1007/978-3-031-40953-0_2. HAL: cea-04232793.