A Security Property Decomposition Argument Pattern for Structured Assurance Case Models

Demonstrating that a system satisfies a complete, adequate, and consistent set of security requirements to protect its critical assets is an essential aspect of security evaluation and assurance. Arguing that each of the security properties for a given system is satisfied and supported by evidence is a requirement for presenting an effective and compelling security assurance argument. The decomposition of a security assurance case to support this argumentation can be challenging as different systems have different security objectives and, consequently, different security requirements. In this paper, we propose a security assurance argument pattern called Security Property Decomposition. This pattern is extracted by studying existing security assurance case models and their decomposition to argue the satisfaction of security properties such as confidentiality, integrity, and availability. It also considers the requirements prescribed by several prominent security standards for developing secure and trustworthy systems in different application domains. As a result, the Security Property Decomposition pattern can be instantiated in the context of different application domains to demonstrate that the security requirements related to the functionality of the system have been adequately satisfied as part of a structured security assurance case. To illustrate the applicability of the proposed pattern, we present an application of the pattern demonstrating compliance with a relevant security standard in the automotive domain.
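As an added example that is not part of the paper, the following Python sketch assumes a minimal GSN-like tree of goals, strategies and solutions (the exact node shape, identifiers and evidence items are assumptions). It instantiates a Security Property Decomposition over a set of critical assets and security properties and reports every sub-goal that the case claims but leaves without supporting evidence, which is the completeness check a reviewer of such an argument would start with:

```python
# Added illustration, not code from the paper: a minimal GSN-style argument model
# instantiating a Security Property Decomposition; ids, texts and evidence are assumed.
from dataclasses import dataclass, field

@dataclass
class Node:
    id: str
    kind: str  # "goal", "strategy" or "solution" (a piece of evidence)
    text: str
    children: list["Node"] = field(default_factory=list)

def security_property_decomposition(system: str, assets: list[str],
                                    properties: list[str],
                                    evidence: dict[tuple[str, str], list[str]]) -> Node:
    """Top goal -> strategy arguing over each property of each asset ->
    one sub-goal per (asset, property), each linked to the evidence supplied."""
    top = Node("G1", "goal", f"{system} adequately protects its critical assets")
    strategy = Node("S1", "strategy",
                    "Argue that each security property holds for each critical asset")
    top.children.append(strategy)
    n = 2
    for asset in assets:
        for prop in properties:
            goal = Node(f"G{n}", "goal", f"{prop} of {asset} is preserved")
            n += 1
            for i, item in enumerate(evidence.get((asset, prop), []), 1):
                goal.children.append(Node(f"{goal.id}.Sn{i}", "solution", item))
            strategy.children.append(goal)
    return top

def undeveloped_goals(node: Node) -> list[str]:
    """Ids of goals with nothing beneath them: requirements the case claims
    but does not support, so the argument is incomplete at those points."""
    found = [node.id] if node.kind == "goal" and not node.children else []
    for child in node.children:
        found.extend(undeveloped_goals(child))
    return found

def example_case() -> Node:
    # Constructed sample input for an automotive-style instantiation (assumed).
    evidence = {
        ("firmware image", "Integrity"): ["Signed-update verification test report"],
        ("telematics data", "Confidentiality"): ["TLS configuration review"],
        ("telematics data", "Availability"): ["Load and failover test results"],
    }
    return security_property_decomposition(
        "Telematics control unit", ["firmware image", "telematics data"],
        ["Confidentiality", "Integrity", "Availability"], evidence)
```

Running `undeveloped_goals(example_case())` lists the (asset, property) sub-goals that still need evidence before the case can claim the requirement set is complete.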
