Security Assurance Cases: State of the Art of an Emerging Approach

Empirical Software Engineering - Volume 26 - Pages 1-43 - 2021
Mazen Mohamad1, Jan-Philipp Steghöfer1, Riccardo Scandariato2
1Department of Computer Science and Engineering, University of Gothenburg and Chalmers University of Technology, Gothenburg, Sweden
2Institute of Software Security, Hamburg University of Technology (TUHH), Hamburg, Germany

Abstract

Security Assurance Cases (SAC) are a form of structured argumentation used to reason about the security properties of a system. After the successful adoption of assurance cases for safety, SAC have attracted significant attention in recent years, particularly in safety-critical industries (e.g., automotive), where there is increasing pressure to comply with several security standards and regulations. Accordingly, research in the SAC field has flourished in the past decade, with different approaches being investigated. In an effort to systematize this active research area, we conducted a systematic literature review (SLR) of the existing academic studies on SAC. Our review resulted in an in-depth analysis and comparison of 51 papers. Our results indicate that, while there are many papers discussing the importance of SAC and their use cases, the literature is still immature with respect to concrete support for practitioners on how to build and maintain a SAC. More importantly, even though some methodologies are available, their validation and tool support are still lacking.

Keywords

#Security assurance cases #structured argumentation #system security #safety-critical industries #systematic literature review
