Assurance Cases

Description

Introduces the concepts and benefits of creating and maintaining assurance cases for security. A security assurance case uses a structured set of arguments and a corresponding body of evidence to demonstrate that a system satisfies specific claims with respect to its security properties.

Overview Article

  • Assurance Cases Overview [11/14/08 3:51:00 PM]
    Our objective for the Assurance Cases (AC) content area of the Build Security In (BSI) Web site is to raise awareness about emerging methods and tools for assuring security properties of systems. In this content area, we introduce the concepts and benefits of developing and maintaining assurance cases for security. In particular, we describe the benefits of integrating assurance cases for security into the software development life cycle (SDLC) by “building assurance in” from the outset.

Most Recently Updated Articles [Ordered by Last Modified Date]

  • Evidence of Assurance: Laying the Foundation for a Credible Security Case [11/14/08 3:53:58 PM]
    A security case bears considerable resemblance to a legal case, and demonstrates that security claims about a given system are valid. Persuasive argumentation plays a major role, but the credibility of the arguments and of the security case itself ultimately rests on a foundation of evidence. This article describes and gives examples of several of the kinds of evidence that can contribute to a security case. Our main focus is on how to understand, gather, and generate the kinds of evidence that can build a strong foundation for a credible security case.
  • Arguing Security - Creating Security Assurance Cases [11/14/08 3:52:06 PM]
    An assurance case is a body of evidence organized into an argument demonstrating that some claim about a system holds, i.e., is assured. An assurance case is needed when it is important to show that a system exhibits some complex property such as safety, security, or reliability. In this article, our objective is to explain an approach to documenting an assurance case for system security, i.e., a security assurance case or, more succinctly, a security case.
  • Assurance Cases Overview [11/14/08 3:51:00 PM]
    Our objective for the Assurance Cases (AC) content area of the Build Security In (BSI) Web site is to raise awareness about emerging methods and tools for assuring security properties of systems. In this content area, we introduce the concepts and benefits of developing and maintaining assurance cases for security. In particular, we describe the benefits of integrating assurance cases for security into the software development life cycle (SDLC) by “building assurance in” from the outset.

All Articles [Ordered by Recommended Reading Order]

  • Assurance Cases Overview [11/14/08 3:51:00 PM]
    Our objective for the Assurance Cases (AC) content area of the Build Security In (BSI) Web site is to raise awareness about emerging methods and tools for assuring security properties of systems. In this content area, we introduce the concepts and benefits of developing and maintaining assurance cases for security. In particular, we describe the benefits of integrating assurance cases for security into the software development life cycle (SDLC) by “building assurance in” from the outset.
  • Arguing Security - Creating Security Assurance Cases [11/14/08 3:52:06 PM]
    An assurance case is a body of evidence organized into an argument demonstrating that some claim about a system holds, i.e., is assured. An assurance case is needed when it is important to show that a system exhibits some complex property such as safety, security, or reliability. In this article, our objective is to explain an approach to documenting an assurance case for system security, i.e., a security assurance case or, more succinctly, a security case.
  • Evidence of Assurance: Laying the Foundation for a Credible Security Case [11/14/08 3:53:58 PM]
    A security case bears considerable resemblance to a legal case, and demonstrates that security claims about a given system are valid. Persuasive argumentation plays a major role, but the credibility of the arguments and of the security case itself ultimately rests on a foundation of evidence. This article describes and gives examples of several of the kinds of evidence that can contribute to a security case. Our main focus is on how to understand, gather, and generate the kinds of evidence that can build a strong foundation for a credible security case.
