Constructing security cases based on formal verification of security requirements in alloy - Advancing Rigorous Software and System Engineering
Communication Dans Un Congrès Année : 2023

Constructing security cases based on formal verification of security requirements in alloy

Résumé

Assuring that security requirements have been met in design phases is less expensive compared with changes after system development. Security-critical systems deployment requires providing security cases demonstrating whether the design adequately incorporates the security requirements. Building arguments and generating evidence to support the claims of an assurance case is of utmost importance and should be done using a rigorous mathematical basis, namely formal methods. In this paper, we propose an approach that uses formal methods to construct security assurance cases. This approach takes a list of security requirements as input and generates security cases to assess their fulfillment. Furthermore, we define security argument patterns supported by the formal verification results presented using the GSN pattern notation. The overall approach is validated through a case study involving an autonomous drone

Domaines

Calcul formel [cs.SC] Informatique et langage [cs.CL]
Fichier principal
Vignette du fichier
ASSURE2023 (2).pdf (1014.49 Ko) Télécharger le fichier
Origine Fichiers produits par l'(les) auteur(s)

Contributeur MAP CEA  : Connectez-vous pour contacter le contributeur

https://cea.hal.science/cea-04232793

Soumis le : lundi 9 octobre 2023-10:30:05

Dernière modification le : mardi 3 septembre 2024-11:16:05

Télécharger pour visualiser

Dates et versions

cea-04232793 , version 1 (09-10-2023)

Identifiants

Citer

Marwa Zeroual, Brahim Hamid, Morayo Adedjouma, Jason Jaskolka. Constructing security cases based on formal verification of security requirements in alloy. 42nd International Conference on Computer Safety, Reliability and Security (SAFECOMP 2023) Workshops, Sep 2023, Toulouse, France. pp.15-25, ⟨10.1007/978-3-031-40953-0_2⟩. ⟨cea-04232793⟩

Exporter

BibTeX XML-TEI Dublin Core DC Terms EndNote DataCite

Collections

CEA UNIV-TLSE2 CNRS UT1-CAPITOLE DRT CEA-UPSAY UNIV-PARIS-SACLAY LIST IRIT IRIT-ARGOS IRIT-FSL GS-COMPUTER-SCIENCE GS-SPORT-HUMAN-MOVEMENT IRIT-UT2J TOULOUSE-INP UNIV-UT3 UT3-TOULOUSEINP
642 Consultations
200 Téléchargements

Altmetric

Partager

More